Details of VAR-201801-0152

ID

VAR-201801-0152

CVE

CVE-2017-16728

TITLE

Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-012 // ZDI: ZDI-18-015

DESCRIPTION

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27e7 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and obtain sensitive information

Trust: 10.17

sources: NVD: CVE-2017-16728 // ZDI: ZDI-18-019 // ZDI: ZDI-18-032 // ZDI: ZDI-18-015 // ZDI: ZDI-18-034 // ZDI: ZDI-18-014 // ZDI: ZDI-18-035 // ZDI: ZDI-18-021 // ZDI: ZDI-18-031 // ZDI: ZDI-18-040 // ZDI: ZDI-18-039 // ZDI: ZDI-18-038 // ZDI: ZDI-18-020 // ZDI: ZDI-18-012 // CNVD: CNVD-2018-00673 // BID: 102424 // IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // VULHUB: VHN-107679

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNVD: CNVD-2018-00673

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 9.1
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.3	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess 8.2 20170330	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess 8.1 20160519	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.0 20150816	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.3	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-040 // ZDI: ZDI-18-031 // ZDI: ZDI-18-019 // ZDI: ZDI-18-021 // ZDI: ZDI-18-014 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // BID: 102424 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2017-16728
value:	MEDIUM
Trust: 9.1
nvd@nist.gov:	CVE-2017-16728
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2018-00673
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-241
value:	HIGH
Trust: 0.6
IVD:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-107679
value:	MEDIUM
Trust: 0.1

ZDI:	CVE-2017-16728
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 9.1
nvd@nist.gov:	CVE-2017-16728
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2018-00673
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-107679
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16728
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-040 // ZDI: ZDI-18-031 // ZDI: ZDI-18-019 // ZDI: ZDI-18-021 // ZDI: ZDI-18-014 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // VULHUB: VHN-107679 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	CWE-822	Trust: 1.0

sources: VULHUB: VHN-107679 // NVD: CVE-2017-16728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-241

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNNVD: CNNVD-201801-241

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02	Trust: 9.1
title:	Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673)	url:	https://www.cnvd.org.cn/patchInfo/show/113125	Trust: 0.6
title:	Advantech WebAccess Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77552	Trust: 0.6

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-040 // ZDI: ZDI-18-031 // ZDI: ZDI-18-019 // ZDI: ZDI-18-021 // ZDI: ZDI-18-014 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // CNNVD: CNNVD-201801-241

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16728	Trust: 11.9
db:	BID	id:	102424	Trust: 2.6
db:	ICS CERT	id:	ICSA-18-004-02	Trust: 2.0
db:	CNNVD	id:	CNNVD-201801-241	Trust: 0.9
db:	CNVD	id:	CNVD-2018-00673	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5003	Trust: 0.7
db:	ZDI	id:	ZDI-18-035	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4959	Trust: 0.7
db:	ZDI	id:	ZDI-18-012	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4973	Trust: 0.7
db:	ZDI	id:	ZDI-18-020	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5006	Trust: 0.7
db:	ZDI	id:	ZDI-18-038	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5007	Trust: 0.7
db:	ZDI	id:	ZDI-18-039	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5010	Trust: 0.7
db:	ZDI	id:	ZDI-18-040	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4999	Trust: 0.7
db:	ZDI	id:	ZDI-18-031	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4966	Trust: 0.7
db:	ZDI	id:	ZDI-18-019	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4974	Trust: 0.7
db:	ZDI	id:	ZDI-18-021	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4961	Trust: 0.7
db:	ZDI	id:	ZDI-18-014	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5002	Trust: 0.7
db:	ZDI	id:	ZDI-18-034	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4962	Trust: 0.7
db:	ZDI	id:	ZDI-18-015	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5000	Trust: 0.7
db:	ZDI	id:	ZDI-18-032	Trust: 0.7
db:	IVD	id:	E2E1079E-39AB-11E9-9B2B-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-107679	Trust: 0.1

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-040 // ZDI: ZDI-18-031 // ZDI: ZDI-18-019 // ZDI: ZDI-18-021 // ZDI: ZDI-18-014 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // VULHUB: VHN-107679 // BID: 102424 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-004-02	Trust: 11.1
url:	http://www.securityfocus.com/bid/102424	Trust: 2.3
url:	http://webaccess.advantech.com	Trust: 0.3

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 9.1

SOURCES

db:	IVD	id:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
db:	ZDI	id:	ZDI-18-035
db:	ZDI	id:	ZDI-18-012
db:	ZDI	id:	ZDI-18-020
db:	ZDI	id:	ZDI-18-038
db:	ZDI	id:	ZDI-18-039
db:	ZDI	id:	ZDI-18-040
db:	ZDI	id:	ZDI-18-031
db:	ZDI	id:	ZDI-18-019
db:	ZDI	id:	ZDI-18-021
db:	ZDI	id:	ZDI-18-014
db:	ZDI	id:	ZDI-18-034
db:	ZDI	id:	ZDI-18-015
db:	ZDI	id:	ZDI-18-032
db:	CNVD	id:	CNVD-2018-00673
db:	VULHUB	id:	VHN-107679
db:	BID	id:	102424
db:	CNNVD	id:	CNNVD-201801-241
db:	NVD	id:	CVE-2017-16728

LAST UPDATE DATE

2025-11-28T23:09:46.941000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-035	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-012	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-020	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-038	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-039	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-040	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-031	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-019	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-021	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-014	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-034	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-015	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-032	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00673	date:	2018-01-10T00:00:00
db:	VULHUB	id:	VHN-107679	date:	2019-10-09T00:00:00
db:	BID	id:	102424	date:	2018-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201801-241	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16728	date:	2024-11-21T03:16:52.023

SOURCES RELEASE DATE

db:	IVD	id:	e2e1079e-39ab-11e9-9b2b-000c29342cb1	date:	2018-01-10T00:00:00
db:	ZDI	id:	ZDI-18-035	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-012	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-020	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-038	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-039	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-040	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-031	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-019	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-021	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-014	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-034	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-015	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-032	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00673	date:	2018-01-10T00:00:00
db:	VULHUB	id:	VHN-107679	date:	2018-01-05T00:00:00
db:	BID	id:	102424	date:	2018-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201801-241	date:	2018-01-08T00:00:00
db:	NVD	id:	CVE-2017-16728	date:	2018-01-05T08:29:00.393