Details of VAR-201601-0038

ID

VAR-201601-0038

CVE

CVE-2016-0856

TITLE

Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-16-094 // ZDI: ZDI-16-093

DESCRIPTION

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x278F IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems

Trust: 11.7

sources: NVD: CVE-2016-0856 // ZDI: ZDI-16-090 // ZDI: ZDI-16-073 // ZDI: ZDI-16-093 // ZDI: ZDI-16-083 // ZDI: ZDI-16-115 // ZDI: ZDI-16-085 // ZDI: ZDI-16-095 // ZDI: ZDI-16-055 // ZDI: ZDI-16-075 // ZDI: ZDI-16-063 // ZDI: ZDI-16-113 // ZDI: ZDI-16-103 // ZDI: ZDI-16-077 // ZDI: ZDI-16-051 // ZDI: ZDI-16-094 // ZDI: ZDI-16-062 // CNVD: CNVD-2016-00434 // IVD: 64dba96e-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00434

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 11.2
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.0	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-077 // ZDI: ZDI-16-103 // ZDI: ZDI-16-113 // ZDI: ZDI-16-063 // ZDI: ZDI-16-075 // ZDI: ZDI-16-055 // ZDI: ZDI-16-095 // ZDI: ZDI-16-085 // ZDI: ZDI-16-115 // ZDI: ZDI-16-083 // ZDI: ZDI-16-093 // ZDI: ZDI-16-073 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329 // NVD: CVE-2016-0856

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-0856
value:	HIGH
Trust: 11.2
nvd@nist.gov:	CVE-2016-0856
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2016-00434
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-329
value:	CRITICAL
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

ZDI:	CVE-2016-0856
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 11.2
nvd@nist.gov:	CVE-2016-0856
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2016-00434
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-0856
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2016-0856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01	Trust: 11.2
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)	url:	https://www.cnvd.org.cn/patchInfo/show/70378	Trust: 0.6
title:	Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647	Trust: 0.6

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-077 // ZDI: ZDI-16-103 // ZDI: ZDI-16-113 // ZDI: ZDI-16-063 // ZDI: ZDI-16-075 // ZDI: ZDI-16-055 // ZDI: ZDI-16-095 // ZDI: ZDI-16-085 // ZDI: ZDI-16-115 // ZDI: ZDI-16-083 // ZDI: ZDI-16-093 // ZDI: ZDI-16-073 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0856	Trust: 13.6
db:	ZDI	id:	ZDI-16-103	Trust: 1.7
db:	ZDI	id:	ZDI-16-113	Trust: 1.7
db:	ZDI	id:	ZDI-16-115	Trust: 1.7
db:	ZDI	id:	ZDI-16-108	Trust: 1.0
db:	ZDI	id:	ZDI-16-101	Trust: 1.0
db:	ZDI	id:	ZDI-16-112	Trust: 1.0
db:	ZDI	id:	ZDI-16-116	Trust: 1.0
db:	ZDI	id:	ZDI-16-100	Trust: 1.0
db:	ZDI	id:	ZDI-16-111	Trust: 1.0
db:	ZDI	id:	ZDI-16-114	Trust: 1.0
db:	ZDI	id:	ZDI-16-117	Trust: 1.0
db:	ZDI	id:	ZDI-16-118	Trust: 1.0
db:	ZDI	id:	ZDI-16-106	Trust: 1.0
db:	ZDI	id:	ZDI-16-120	Trust: 1.0
db:	ZDI	id:	ZDI-16-110	Trust: 1.0
db:	ZDI	id:	ZDI-16-102	Trust: 1.0
db:	ZDI	id:	ZDI-16-109	Trust: 1.0
db:	ICS CERT	id:	ICSA-16-014-01	Trust: 1.0
db:	CNVD	id:	CNVD-2016-00434	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-329	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3211	Trust: 0.7
db:	ZDI	id:	ZDI-16-090	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3239	Trust: 0.7
db:	ZDI	id:	ZDI-16-062	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3207	Trust: 0.7
db:	ZDI	id:	ZDI-16-094	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3175	Trust: 0.7
db:	ZDI	id:	ZDI-16-051	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3224	Trust: 0.7
db:	ZDI	id:	ZDI-16-077	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3198	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3188	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3238	Trust: 0.7
db:	ZDI	id:	ZDI-16-063	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3226	Trust: 0.7
db:	ZDI	id:	ZDI-16-075	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3246	Trust: 0.7
db:	ZDI	id:	ZDI-16-055	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3206	Trust: 0.7
db:	ZDI	id:	ZDI-16-095	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3216	Trust: 0.7
db:	ZDI	id:	ZDI-16-085	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3185	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3218	Trust: 0.7
db:	ZDI	id:	ZDI-16-083	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3208	Trust: 0.7
db:	ZDI	id:	ZDI-16-093	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3228	Trust: 0.7
db:	ZDI	id:	ZDI-16-073	Trust: 0.7
db:	CXSECURITY	id:	WLB-2018030263	Trust: 0.6
db:	IVD	id:	64DBA96E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-014-01	Trust: 12.2
url:	http://www.zerodayinitiative.com/advisories/zdi-16-114	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-118	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-112	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-108	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-101	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-116	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-113	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-106	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-120	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-100	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-110	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-109	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-111	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-103	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-115	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-117	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-102	Trust: 1.0
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2018030263	Trust: 0.6

CREDITS

Anonymous

Trust: 11.2

SOURCES

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-090
db:	ZDI	id:	ZDI-16-062
db:	ZDI	id:	ZDI-16-094
db:	ZDI	id:	ZDI-16-051
db:	ZDI	id:	ZDI-16-077
db:	ZDI	id:	ZDI-16-103
db:	ZDI	id:	ZDI-16-113
db:	ZDI	id:	ZDI-16-063
db:	ZDI	id:	ZDI-16-075
db:	ZDI	id:	ZDI-16-055
db:	ZDI	id:	ZDI-16-095
db:	ZDI	id:	ZDI-16-085
db:	ZDI	id:	ZDI-16-115
db:	ZDI	id:	ZDI-16-083
db:	ZDI	id:	ZDI-16-093
db:	ZDI	id:	ZDI-16-073
db:	CNVD	id:	CNVD-2016-00434
db:	CNNVD	id:	CNNVD-201601-329
db:	NVD	id:	CVE-2016-0856

LAST UPDATE DATE

2026-02-01T22:53:33.681000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-077	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-103	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-113	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-063	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-075	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-055	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-095	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-085	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-115	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-083	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-093	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-073	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2021-08-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d	date:	2016-01-25T00:00:00
db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-077	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-103	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-113	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-063	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-075	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-055	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-095	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-085	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-115	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-083	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-093	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-073	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2016-01-15T03:59:18.250