Details of VAR-201810-0493

ID

VAR-201810-0493

CVE

CVE-2018-17910

TITLE

WebAccess Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011340

DESCRIPTION

WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwswfcfg.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability stems from the fact that the software failed to properly verify the length of the data provided by the user. Advantech WebAccess is prone to the following security vulnerabilities: 1. This may aid in further attacks. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment

Trust: 3.33

sources: NVD: CVE-2018-17910 // JVNDB: JVNDB-2018-011340 // ZDI: ZDI-18-1330 // CNVD: CNVD-2018-21937 // BID: 105736 // IVD: e2fec8d0-39ab-11e9-b9a9-000c29342cb1 // VULHUB: VHN-128417

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2fec8d0-39ab-11e9-b9a9-000c29342cb1 // CNVD: CNVD-2018-21937

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.2	Trust: 1.8
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3.2	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess	scope:	lte	version:	<=8.3.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3.1	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.3.3	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fec8d0-39ab-11e9-b9a9-000c29342cb1 // ZDI: ZDI-18-1330 // CNVD: CNVD-2018-21937 // BID: 105736 // JVNDB: JVNDB-2018-011340 // CNNVD: CNNVD-201810-1273 // NVD: CVE-2018-17910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-17910
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-17910
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-17910
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-21937
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201810-1273
value:	HIGH
Trust: 0.6
IVD:	e2fec8d0-39ab-11e9-b9a9-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-128417
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-17910
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-21937
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fec8d0-39ab-11e9-b9a9-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-128417
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-17910
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
ZDI:	CVE-2018-17910
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: e2fec8d0-39ab-11e9-b9a9-000c29342cb1 // ZDI: ZDI-18-1330 // CNVD: CNVD-2018-21937 // VULHUB: VHN-128417 // JVNDB: JVNDB-2018-011340 // CNNVD: CNNVD-201810-1273 // NVD: CVE-2018-17910

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-121	Trust: 1.0

sources: VULHUB: VHN-128417 // JVNDB: JVNDB-2018-011340 // NVD: CVE-2018-17910

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1273

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2fec8d0-39ab-11e9-b9a9-000c29342cb1 // CNNVD: CNNVD-201810-1273

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011340

PATCH

title:	Advantech WebAccess	url:	https://www.advantech.com/industrial-automation/webaccess/webaccessscada	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02	Trust: 0.7
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-21937)	url:	https://www.cnvd.org.cn/patchInfo/show/143397	Trust: 0.6
title:	Advantech WebAccess Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86345	Trust: 0.6

sources: ZDI: ZDI-18-1330 // CNVD: CNVD-2018-21937 // JVNDB: JVNDB-2018-011340 // CNNVD: CNNVD-201810-1273

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17910	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-298-02	Trust: 3.4
db:	BID	id:	105736	Trust: 2.0
db:	SECTRACK	id:	1041957	Trust: 1.7
db:	CNNVD	id:	CNNVD-201810-1273	Trust: 0.9
db:	CNVD	id:	CNVD-2018-21937	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-011340	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7166	Trust: 0.7
db:	ZDI	id:	ZDI-18-1330	Trust: 0.7
db:	IVD	id:	E2FEC8D0-39AB-11E9-B9A9-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-128417	Trust: 0.1

sources: IVD: e2fec8d0-39ab-11e9-b9a9-000c29342cb1 // ZDI: ZDI-18-1330 // CNVD: CNVD-2018-21937 // VULHUB: VHN-128417 // BID: 105736 // JVNDB: JVNDB-2018-011340 // CNNVD: CNNVD-201810-1273 // NVD: CVE-2018-17910

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-298-02	Trust: 4.1
url:	http://www.securityfocus.com/bid/105736	Trust: 1.7
url:	http://www.securitytracker.com/id/1041957	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17910	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17910	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-18-1330 // CNVD: CNVD-2018-21937 // VULHUB: VHN-128417 // BID: 105736 // JVNDB: JVNDB-2018-011340 // CNNVD: CNNVD-201810-1273 // NVD: CVE-2018-17910

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-18-1330

SOURCES

db:	IVD	id:	e2fec8d0-39ab-11e9-b9a9-000c29342cb1
db:	ZDI	id:	ZDI-18-1330
db:	CNVD	id:	CNVD-2018-21937
db:	VULHUB	id:	VHN-128417
db:	BID	id:	105736
db:	JVNDB	id:	JVNDB-2018-011340
db:	CNNVD	id:	CNNVD-201810-1273
db:	NVD	id:	CVE-2018-17910

LAST UPDATE DATE

2024-08-14T14:57:07.647000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1330	date:	2018-10-31T00:00:00
db:	CNVD	id:	CNVD-2018-21937	date:	2018-10-28T00:00:00
db:	VULHUB	id:	VHN-128417	date:	2019-10-09T00:00:00
db:	BID	id:	105736	date:	2018-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-011340	date:	2019-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201810-1273	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-17910	date:	2019-10-09T23:37:02.613

SOURCES RELEASE DATE

db:	IVD	id:	e2fec8d0-39ab-11e9-b9a9-000c29342cb1	date:	2018-10-28T00:00:00
db:	ZDI	id:	ZDI-18-1330	date:	2018-10-31T00:00:00
db:	CNVD	id:	CNVD-2018-21937	date:	2018-10-28T00:00:00
db:	VULHUB	id:	VHN-128417	date:	2018-10-29T00:00:00
db:	BID	id:	105736	date:	2018-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-011340	date:	2019-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201810-1273	date:	2018-10-26T00:00:00
db:	NVD	id:	CVE-2018-17910	date:	2018-10-29T18:29:08.823