Details of VAR-201601-0038

ID

VAR-201601-0038

CVE

CVE-2016-0856

TITLE

Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-088

DESCRIPTION

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x272F IOCTL in the ViewSrv subsystem. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems

Trust: 11.16

sources: NVD: CVE-2016-0856 // JVNDB: JVNDB-2016-001286 // ZDI: ZDI-16-090 // ZDI: ZDI-16-082 // ZDI: ZDI-16-102 // ZDI: ZDI-16-078 // ZDI: ZDI-16-108 // ZDI: ZDI-16-048 // ZDI: ZDI-16-118 // ZDI: ZDI-16-092 // ZDI: ZDI-16-098 // ZDI: ZDI-16-088 // ZDI: ZDI-16-112 // ZDI: ZDI-16-051 // ZDI: ZDI-16-094 // ZDI: ZDI-16-062 // CNVD: CNVD-2016-00434 // IVD: 64dba96e-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00434

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 9.8
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.1	Trust: 1.4
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.0	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-088 // ZDI: ZDI-16-098 // ZDI: ZDI-16-092 // ZDI: ZDI-16-118 // ZDI: ZDI-16-048 // ZDI: ZDI-16-108 // ZDI: ZDI-16-078 // ZDI: ZDI-16-102 // ZDI: ZDI-16-082 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329 // JVNDB: JVNDB-2016-001286 // NVD: CVE-2016-0856

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-0856
value:	HIGH
Trust: 9.8
nvd@nist.gov:	CVE-2016-0856
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-0856
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-00434
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-329
value:	CRITICAL
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

ZDI:	CVE-2016-0856
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 9.8
nvd@nist.gov:	CVE-2016-0856
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-00434
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-0856
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-001286 // NVD: CVE-2016-0856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001286

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01	Trust: 9.8
title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)	url:	https://www.cnvd.org.cn/patchInfo/show/70378	Trust: 0.6
title:	Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647	Trust: 0.6

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-088 // ZDI: ZDI-16-098 // ZDI: ZDI-16-092 // ZDI: ZDI-16-118 // ZDI: ZDI-16-048 // ZDI: ZDI-16-108 // ZDI: ZDI-16-078 // ZDI: ZDI-16-102 // ZDI: ZDI-16-082 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329 // JVNDB: JVNDB-2016-001286

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0856	Trust: 13.0
db:	ICS CERT	id:	ICSA-16-014-01	Trust: 1.8
db:	ZDI	id:	ZDI-16-112	Trust: 1.7
db:	ZDI	id:	ZDI-16-118	Trust: 1.7
db:	ZDI	id:	ZDI-16-108	Trust: 1.7
db:	ZDI	id:	ZDI-16-102	Trust: 1.7
db:	ZDI	id:	ZDI-16-113	Trust: 1.0
db:	ZDI	id:	ZDI-16-101	Trust: 1.0
db:	ZDI	id:	ZDI-16-116	Trust: 1.0
db:	ZDI	id:	ZDI-16-100	Trust: 1.0
db:	ZDI	id:	ZDI-16-111	Trust: 1.0
db:	ZDI	id:	ZDI-16-114	Trust: 1.0
db:	ZDI	id:	ZDI-16-117	Trust: 1.0
db:	ZDI	id:	ZDI-16-103	Trust: 1.0
db:	ZDI	id:	ZDI-16-115	Trust: 1.0
db:	ZDI	id:	ZDI-16-106	Trust: 1.0
db:	ZDI	id:	ZDI-16-120	Trust: 1.0
db:	ZDI	id:	ZDI-16-110	Trust: 1.0
db:	ZDI	id:	ZDI-16-109	Trust: 1.0
db:	CNVD	id:	CNVD-2016-00434	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-329	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001286	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3211	Trust: 0.7
db:	ZDI	id:	ZDI-16-090	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3239	Trust: 0.7
db:	ZDI	id:	ZDI-16-062	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3207	Trust: 0.7
db:	ZDI	id:	ZDI-16-094	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3175	Trust: 0.7
db:	ZDI	id:	ZDI-16-051	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3189	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3213	Trust: 0.7
db:	ZDI	id:	ZDI-16-088	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3203	Trust: 0.7
db:	ZDI	id:	ZDI-16-098	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3209	Trust: 0.7
db:	ZDI	id:	ZDI-16-092	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3182	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3149	Trust: 0.7
db:	ZDI	id:	ZDI-16-048	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3193	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3223	Trust: 0.7
db:	ZDI	id:	ZDI-16-078	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3199	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3219	Trust: 0.7
db:	ZDI	id:	ZDI-16-082	Trust: 0.7
db:	CXSECURITY	id:	WLB-2018030263	Trust: 0.6
db:	IVD	id:	64DBA96E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-014-01	Trust: 11.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856	Trust: 1.4
url:	http://www.zerodayinitiative.com/advisories/zdi-16-114	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-118	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-112	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-108	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-101	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-116	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-113	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-106	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-120	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-100	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-110	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-109	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-111	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-103	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-115	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-117	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-102	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0856	Trust: 0.8
url:	https://cxsecurity.com/issue/wlb-2018030263	Trust: 0.6

CREDITS

Anonymous

Trust: 9.8

SOURCES

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-090
db:	ZDI	id:	ZDI-16-062
db:	ZDI	id:	ZDI-16-094
db:	ZDI	id:	ZDI-16-051
db:	ZDI	id:	ZDI-16-112
db:	ZDI	id:	ZDI-16-088
db:	ZDI	id:	ZDI-16-098
db:	ZDI	id:	ZDI-16-092
db:	ZDI	id:	ZDI-16-118
db:	ZDI	id:	ZDI-16-048
db:	ZDI	id:	ZDI-16-108
db:	ZDI	id:	ZDI-16-078
db:	ZDI	id:	ZDI-16-102
db:	ZDI	id:	ZDI-16-082
db:	CNVD	id:	CNVD-2016-00434
db:	CNNVD	id:	CNNVD-201601-329
db:	JVNDB	id:	JVNDB-2016-001286
db:	NVD	id:	CVE-2016-0856

LAST UPDATE DATE

2025-11-28T23:09:49.526000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-112	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-088	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-098	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-092	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-118	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-048	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-108	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-078	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-102	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-082	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2021-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-001286	date:	2016-01-26T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d	date:	2016-01-25T00:00:00
db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-112	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-088	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-098	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-092	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-118	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-048	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-108	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-078	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-102	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-082	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2016-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-001286	date:	2016-01-26T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2016-01-15T03:59:18.250