Details of VAR-201601-0038

ID

VAR-201601-0038

CVE

CVE-2016-0856

TITLE

Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 2.8

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-088 // ZDI: ZDI-16-081 // ZDI: ZDI-16-091

DESCRIPTION

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2731 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable

Trust: 11.34

sources: NVD: CVE-2016-0856 // ZDI: ZDI-16-090 // ZDI: ZDI-16-091 // ZDI: ZDI-16-082 // ZDI: ZDI-16-102 // ZDI: ZDI-16-073 // ZDI: ZDI-16-083 // ZDI: ZDI-16-081 // ZDI: ZDI-16-048 // ZDI: ZDI-16-072 // ZDI: ZDI-16-088 // ZDI: ZDI-16-060 // ZDI: ZDI-16-112 // ZDI: ZDI-16-051 // ZDI: ZDI-16-094 // ZDI: ZDI-16-062 // CNVD: CNVD-2016-00434 // BID: 80745 // IVD: 64dba96e-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00434

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 10.5
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.0	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.1	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-060 // ZDI: ZDI-16-088 // ZDI: ZDI-16-072 // ZDI: ZDI-16-048 // ZDI: ZDI-16-081 // ZDI: ZDI-16-083 // ZDI: ZDI-16-073 // ZDI: ZDI-16-102 // ZDI: ZDI-16-082 // ZDI: ZDI-16-091 // CNVD: CNVD-2016-00434 // BID: 80745 // CNNVD: CNNVD-201601-329 // NVD: CVE-2016-0856

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-0856
value:	HIGH
Trust: 10.5
nvd@nist.gov:	CVE-2016-0856
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2016-00434
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-329
value:	CRITICAL
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

ZDI:	CVE-2016-0856
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 10.5
nvd@nist.gov:	CVE-2016-0856
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2016-00434
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-0856
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-060 // ZDI: ZDI-16-088 // ZDI: ZDI-16-072 // ZDI: ZDI-16-048 // ZDI: ZDI-16-081 // ZDI: ZDI-16-083 // ZDI: ZDI-16-073 // ZDI: ZDI-16-102 // ZDI: ZDI-16-082 // ZDI: ZDI-16-091 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329 // NVD: CVE-2016-0856

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2016-0856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01	Trust: 10.5
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)	url:	https://www.cnvd.org.cn/patchInfo/show/70378	Trust: 0.6
title:	Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647	Trust: 0.6

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-060 // ZDI: ZDI-16-088 // ZDI: ZDI-16-072 // ZDI: ZDI-16-048 // ZDI: ZDI-16-081 // ZDI: ZDI-16-083 // ZDI: ZDI-16-073 // ZDI: ZDI-16-102 // ZDI: ZDI-16-082 // ZDI: ZDI-16-091 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0856	Trust: 13.2
db:	ZDI	id:	ZDI-16-112	Trust: 1.7
db:	ZDI	id:	ZDI-16-102	Trust: 1.7
db:	ICS CERT	id:	ICSA-16-014-01	Trust: 1.3
db:	ZDI	id:	ZDI-16-108	Trust: 1.0
db:	ZDI	id:	ZDI-16-113	Trust: 1.0
db:	ZDI	id:	ZDI-16-101	Trust: 1.0
db:	ZDI	id:	ZDI-16-116	Trust: 1.0
db:	ZDI	id:	ZDI-16-100	Trust: 1.0
db:	ZDI	id:	ZDI-16-111	Trust: 1.0
db:	ZDI	id:	ZDI-16-114	Trust: 1.0
db:	ZDI	id:	ZDI-16-117	Trust: 1.0
db:	ZDI	id:	ZDI-16-118	Trust: 1.0
db:	ZDI	id:	ZDI-16-103	Trust: 1.0
db:	ZDI	id:	ZDI-16-115	Trust: 1.0
db:	ZDI	id:	ZDI-16-106	Trust: 1.0
db:	ZDI	id:	ZDI-16-120	Trust: 1.0
db:	ZDI	id:	ZDI-16-110	Trust: 1.0
db:	ZDI	id:	ZDI-16-109	Trust: 1.0
db:	CNVD	id:	CNVD-2016-00434	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-329	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3211	Trust: 0.7
db:	ZDI	id:	ZDI-16-090	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3239	Trust: 0.7
db:	ZDI	id:	ZDI-16-062	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3207	Trust: 0.7
db:	ZDI	id:	ZDI-16-094	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3175	Trust: 0.7
db:	ZDI	id:	ZDI-16-051	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3189	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3241	Trust: 0.7
db:	ZDI	id:	ZDI-16-060	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3213	Trust: 0.7
db:	ZDI	id:	ZDI-16-088	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3229	Trust: 0.7
db:	ZDI	id:	ZDI-16-072	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3149	Trust: 0.7
db:	ZDI	id:	ZDI-16-048	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3220	Trust: 0.7
db:	ZDI	id:	ZDI-16-081	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3218	Trust: 0.7
db:	ZDI	id:	ZDI-16-083	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3228	Trust: 0.7
db:	ZDI	id:	ZDI-16-073	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3199	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3219	Trust: 0.7
db:	ZDI	id:	ZDI-16-082	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3210	Trust: 0.7
db:	ZDI	id:	ZDI-16-091	Trust: 0.7
db:	CXSECURITY	id:	WLB-2018030263	Trust: 0.6
db:	BID	id:	80745	Trust: 0.3
db:	IVD	id:	64DBA96E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-014-01	Trust: 11.8
url:	http://www.zerodayinitiative.com/advisories/zdi-16-114	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-118	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-112	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-108	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-101	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-116	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-113	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-106	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-120	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-100	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-110	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-109	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-111	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-103	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-115	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-117	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-102	Trust: 1.0
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2018030263	Trust: 0.6
url:	http://webaccess.advantech.com	Trust: 0.3

CREDITS

Anonymous

Trust: 10.5

SOURCES

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-090
db:	ZDI	id:	ZDI-16-062
db:	ZDI	id:	ZDI-16-094
db:	ZDI	id:	ZDI-16-051
db:	ZDI	id:	ZDI-16-112
db:	ZDI	id:	ZDI-16-060
db:	ZDI	id:	ZDI-16-088
db:	ZDI	id:	ZDI-16-072
db:	ZDI	id:	ZDI-16-048
db:	ZDI	id:	ZDI-16-081
db:	ZDI	id:	ZDI-16-083
db:	ZDI	id:	ZDI-16-073
db:	ZDI	id:	ZDI-16-102
db:	ZDI	id:	ZDI-16-082
db:	ZDI	id:	ZDI-16-091
db:	CNVD	id:	CNVD-2016-00434
db:	BID	id:	80745
db:	CNNVD	id:	CNNVD-201601-329
db:	NVD	id:	CVE-2016-0856

LAST UPDATE DATE

2025-08-12T23:13:32.302000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-112	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-060	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-088	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-072	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-048	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-081	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-083	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-073	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-102	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-082	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-091	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	BID	id:	80745	date:	2016-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2021-08-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d	date:	2016-01-25T00:00:00
db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-112	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-060	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-088	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-072	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-048	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-081	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-083	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-073	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-102	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-082	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-091	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	BID	id:	80745	date:	2016-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2016-01-15T03:59:18.250