Details of VAR-201810-0396

ID

VAR-201810-0396

CVE

CVE-2018-14816

TITLE

Advantech WebAccess Client bwwebv Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-1312 // ZDI: ZDI-18-1304

DESCRIPTION

Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within upandpr.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment

Trust: 9.9

sources: NVD: CVE-2018-14816 // ZDI: ZDI-18-1311 // ZDI: ZDI-18-1309 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1304 // ZDI: ZDI-18-1313 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1300 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1312 // CNVD: CNVD-2018-21935 // IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // VULHUB: VHN-125013

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // CNVD: CNVD-2018-21935

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess node	scope:	-	version:	-	Trust: 9.1
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.1	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lte	version:	<=8.3.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3.1	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // ZDI: ZDI-18-1311 // ZDI: ZDI-18-1312 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1300 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1313 // ZDI: ZDI-18-1304 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1309 // CNVD: CNVD-2018-21935 // CNNVD: CNNVD-201810-1188 // NVD: CVE-2018-14816

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-14816
value:	HIGH
Trust: 9.1
nvd@nist.gov:	CVE-2018-14816
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2018-21935
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201810-1188
value:	CRITICAL
Trust: 0.6
IVD:	e2feefe1-39ab-11e9-8e28-000c29342cb1
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-125013
value:	HIGH
Trust: 0.1

ZDI:	CVE-2018-14816
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 9.1
nvd@nist.gov:	CVE-2018-14816
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2018-21935
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2feefe1-39ab-11e9-8e28-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-125013
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14816
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // ZDI: ZDI-18-1311 // ZDI: ZDI-18-1312 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1300 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1313 // ZDI: ZDI-18-1304 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1309 // CNVD: CNVD-2018-21935 // VULHUB: VHN-125013 // CNNVD: CNNVD-201810-1188 // NVD: CVE-2018-14816

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-125013 // NVD: CVE-2018-14816

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1188

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // CNNVD: CNNVD-201810-1188

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01	Trust: 9.1
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-21935)	url:	https://www.cnvd.org.cn/patchInfo/show/143393	Trust: 0.6
title:	Advantech WebAccess Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86280	Trust: 0.6

sources: ZDI: ZDI-18-1311 // ZDI: ZDI-18-1312 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1300 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1313 // ZDI: ZDI-18-1304 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1309 // CNVD: CNVD-2018-21935 // CNNVD: CNNVD-201810-1188

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14816	Trust: 11.6
db:	ICS CERT	id:	ICSA-18-296-01	Trust: 2.3
db:	BID	id:	105728	Trust: 2.3
db:	SECTRACK	id:	1041939	Trust: 1.7
db:	CNNVD	id:	CNNVD-201810-1188	Trust: 0.9
db:	CNVD	id:	CNVD-2018-21935	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6299	Trust: 0.7
db:	ZDI	id:	ZDI-18-1311	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6300	Trust: 0.7
db:	ZDI	id:	ZDI-18-1312	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6296	Trust: 0.7
db:	ZDI	id:	ZDI-18-1308	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6298	Trust: 0.7
db:	ZDI	id:	ZDI-18-1310	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6302	Trust: 0.7
db:	ZDI	id:	ZDI-18-1314	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6295	Trust: 0.7
db:	ZDI	id:	ZDI-18-1307	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6287	Trust: 0.7
db:	ZDI	id:	ZDI-18-1300	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6289	Trust: 0.7
db:	ZDI	id:	ZDI-18-1302	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6285	Trust: 0.7
db:	ZDI	id:	ZDI-18-1298	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6301	Trust: 0.7
db:	ZDI	id:	ZDI-18-1313	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6292	Trust: 0.7
db:	ZDI	id:	ZDI-18-1304	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6293	Trust: 0.7
db:	ZDI	id:	ZDI-18-1305	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6297	Trust: 0.7
db:	ZDI	id:	ZDI-18-1309	Trust: 0.7
db:	IVD	id:	E2FEEFE1-39AB-11E9-8E28-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-125013	Trust: 0.1

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // ZDI: ZDI-18-1311 // ZDI: ZDI-18-1312 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1300 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1313 // ZDI: ZDI-18-1304 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1309 // CNVD: CNVD-2018-21935 // VULHUB: VHN-125013 // CNNVD: CNNVD-201810-1188 // NVD: CVE-2018-14816

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01	Trust: 10.3
url:	http://www.securityfocus.com/bid/105728	Trust: 1.7
url:	http://www.securitytracker.com/id/1041939	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c	Trust: 1.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01,	Trust: 0.1

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 9.1

SOURCES

db:	IVD	id:	e2feefe1-39ab-11e9-8e28-000c29342cb1
db:	ZDI	id:	ZDI-18-1311
db:	ZDI	id:	ZDI-18-1312
db:	ZDI	id:	ZDI-18-1308
db:	ZDI	id:	ZDI-18-1310
db:	ZDI	id:	ZDI-18-1314
db:	ZDI	id:	ZDI-18-1307
db:	ZDI	id:	ZDI-18-1300
db:	ZDI	id:	ZDI-18-1302
db:	ZDI	id:	ZDI-18-1298
db:	ZDI	id:	ZDI-18-1313
db:	ZDI	id:	ZDI-18-1304
db:	ZDI	id:	ZDI-18-1305
db:	ZDI	id:	ZDI-18-1309
db:	CNVD	id:	CNVD-2018-21935
db:	VULHUB	id:	VHN-125013
db:	CNNVD	id:	CNNVD-201810-1188
db:	NVD	id:	CVE-2018-14816

LAST UPDATE DATE

2024-11-20T22:49:55.017000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1311	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1312	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1308	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1310	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1314	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1307	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1300	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1302	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1298	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1313	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1304	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1305	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1309	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21935	date:	2018-10-28T00:00:00
db:	VULHUB	id:	VHN-125013	date:	2020-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201810-1188	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-14816	date:	2023-11-07T02:53:02.097

SOURCES RELEASE DATE

db:	IVD	id:	e2feefe1-39ab-11e9-8e28-000c29342cb1	date:	2018-10-28T00:00:00
db:	ZDI	id:	ZDI-18-1311	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1312	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1308	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1310	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1314	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1307	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1300	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1302	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1298	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1313	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1304	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1305	date:	2018-10-24T00:00:00
db:	ZDI	id:	ZDI-18-1309	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21935	date:	2018-10-28T00:00:00
db:	VULHUB	id:	VHN-125013	date:	2018-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201810-1188	date:	2018-10-24T00:00:00
db:	NVD	id:	CVE-2018-14816	date:	2018-10-23T20:29:00.530