Find a vulnerability
Search criteria
1246 vulnerabilities by Advantech
CVE-2026-14162 (GCVE-0-2026-14162)
Vulnerability from nvd – Published: 2026-06-30 10:57 – Updated: 2026-06-30 12:25- CWE-306 - Missing authentication for critical function
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-11012-63761-2.html | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | Hospital Quering Management |
Affected:
0 , < 1.2.13
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T12:25:02.527865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:25:08.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hospital Quering Management",
"vendor": "Advantech",
"versions": [
{
"lessThan": "1.2.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-30T10:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"value": "Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T10:57:11.421Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-11012-63761-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"source": {
"advisory": "TVN-202606007",
"discovery": "EXTERNAL"
},
"title": "Advantech\uff5cHospital Quering Management - Missing Authentication",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2026-14162",
"datePublished": "2026-06-30T10:57:11.421Z",
"dateReserved": "2026-06-30T02:02:24.547Z",
"dateUpdated": "2026-06-30T12:25:08.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14161 (GCVE-0-2026-14161)
Vulnerability from nvd – Published: 2026-06-30 10:52 – Updated: 2026-06-30 12:26- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-11012-63761-2.html | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | Hospital Queuing Management |
Affected:
0 , < 1.2.13
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T12:26:24.427457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:26:28.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hospital Queuing Management",
"vendor": "Advantech",
"versions": [
{
"lessThan": "1.2.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-30T08:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"value": "Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T10:52:38.293Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-11012-63761-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"source": {
"advisory": "TVN-202606007",
"discovery": "EXTERNAL"
},
"title": "Advantech\uff5cHospital Queuing Management - Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2026-14161",
"datePublished": "2026-06-30T10:52:38.293Z",
"dateReserved": "2026-06-30T02:02:22.471Z",
"dateUpdated": "2026-06-30T12:26:28.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6888 (GCVE-0-2026-6888)
Vulnerability from nvd – Published: 2026-05-13 03:16 – Updated: 2026-05-13 14:35- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | SaaS Composer |
Affected:
prior to version 3.4.17
|
|
| Advantech | IoTSuite Growth Linux docker |
Affected:
prior to version 2.2.0
|
|
| Advantech | IoTSuite Starter Linux docker |
Affected:
prior to version 2.2.0
|
|
| Advantech | IoT Edge Linux docker |
Affected:
prior to version 2.2.0
|
|
| Advantech | IoT Edge Windows |
Affected:
prior to version 2.2.0
|
|
| Advantech | WebAccess/SCADA |
Affected:
prior to version 9.2.3
|
|
| Advantech | WebAccess SaaS-Composer |
Affected:
prior to version 3.4.17.1
|
|
| Advantech | ECOWatch SaaS-Composer |
Affected:
prior to version 3.4.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:35:40.247452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:35:53.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SaaS Composer",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 3.4.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoTSuite Growth Linux docker",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoTSuite Starter Linux docker",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoT Edge Linux docker",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoT Edge Windows",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "WebAccess/SCADA",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 9.2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "WebAccess SaaS-Composer",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 3.4.17.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "ECOWatch SaaS-Composer",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 3.4.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hoa Ly Van Huu"
}
],
"datePublic": "2026-05-13T02:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSuccessful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.\u003c/p\u003e"
}
],
"value": "Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T03:16:24.701Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.\u003c/p\u003e\n\n\u003cp\u003eFor SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech\u0026nbsp;\u003ca href=\"https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support\"\u003ehere\u0026nbsp;\u003c/a\u003efor\nthe official release of the fixed version.\u003c/p\u003e\n\n\u003cp\u003eFor IoTSuite Starter Linux docker,\nplease refer to the update guide\u0026nbsp;\u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide \u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eFor IoT Edge Linux docker, please\nrefer to the update guide\u0026nbsp;\u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide \u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eFor WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide \u003ca href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\"\u003ehere\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Users and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.\n\n\n\n\n\nFor SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech\u00a0 here\u00a0 https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for\nthe official release of the fixed version.\n\n\n\n\n\nFor IoTSuite Starter Linux docker,\nplease refer to the update guide\u00a0 here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\n\n\n\n\n\nFor IoT Edge Linux docker, please\nrefer to the update guide\u00a0 here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q .\n\n\n\n\n\nFor WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide here https://www.advantech.com/en/support/details/installation ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2026-6888",
"datePublished": "2026-05-13T03:16:24.701Z",
"dateReserved": "2026-04-23T02:58:12.750Z",
"dateUpdated": "2026-05-13T14:35:53.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2670 (GCVE-0-2026-2670)
Vulnerability from nvd – Published: 2026-02-18 21:02 – Updated: 2026-02-23 10:25| URL | Tags |
|---|---|
| https://vuldb.com/?id.346467 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346467 | signaturepermissions-required |
| https://vuldb.com/?submit.753293 | third-party-advisory |
| https://github.com/master-abc/cve/issues/37 | exploitissue-tracking |
| https://www.advantech.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2670",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T19:32:36.994708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:32:51.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Background Management"
],
"product": "WISE-6610",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "1.2.1_20251110"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jiefengliang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:25:15.372Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346467 | Advantech WISE-6610 Background Management openvpn_apply os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346467"
},
{
"name": "VDB-346467 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346467"
},
{
"name": "Submit #753293 | Advantech WISE-6610 v1.2.1_20251110 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.753293"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/master-abc/cve/issues/37"
},
{
"tags": [
"product"
],
"url": "https://www.advantech.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-18T10:22:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "Advantech WISE-6610 Background Management openvpn_apply os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2670",
"datePublished": "2026-02-18T21:02:08.426Z",
"dateReserved": "2026-02-18T09:16:43.848Z",
"dateUpdated": "2026-02-23T10:25:15.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52694 (GCVE-0-2025-52694)
Vulnerability from nvd – Published: 2026-01-12 02:27 – Updated: 2026-01-26 02:50- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | IoTSuite and IoT Edge Products |
Affected:
SaaSComposer prior to version V3.4.15
Affected: IoTSuite Growth Linux docker prior to version V2.0.2 Affected: IoTSuite Starter Linux docker prior to version V2.0.2 Affected: IoT Edge Linux docker prior to version V2.0.2 Affected: IoT Edge Windows prior to version V2.0.2 Affected: WebAccess/SCADA prior to version V9.2.2 Affected: WebAccess SaaS-Composer prior to version 3.4.15.1 Affected: ECOWatch SaaS-Composer prior to version 3.4.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T14:31:37.398331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T14:31:52.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IoTSuite and IoT Edge Products",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "SaaSComposer prior to version V3.4.15"
},
{
"status": "affected",
"version": "IoTSuite Growth Linux docker prior to version V2.0.2"
},
{
"status": "affected",
"version": "IoTSuite Starter Linux docker prior to version V2.0.2"
},
{
"status": "affected",
"version": "IoT Edge Linux docker prior to version V2.0.2"
},
{
"status": "affected",
"version": "IoT Edge Windows prior to version V2.0.2"
},
{
"status": "affected",
"version": "WebAccess/SCADA prior to version V9.2.2"
},
{
"status": "affected",
"version": "WebAccess SaaS-Composer prior to version 3.4.15.1"
},
{
"status": "affected",
"version": "ECOWatch SaaS-Composer prior to version 3.4.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Loi Nguyen Thang"
}
],
"datePublic": "2026-01-12T02:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately."
}
],
"value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T02:50:33.837Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003eUsers and administrators of affected product versions are advised to update to the latest versions immediately.\u003c/div\u003e\u003cdiv\u003eFor IoTSuite SaaSComposer, IoTSuite Growth Linux docker, and IoT Edge Windows please contact Advantech \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support\"\u003ehere \u003c/a\u003efor the official release of the fixed version.\u003c/div\u003e\u003cdiv\u003eFor IoTSuite Starter Linux docker, please download the update \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/div\u003e\u003cdiv\u003eFor IoT Edge Linux docker, please download the update \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/div\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Users and administrators of affected product versions are advised to update to the latest versions immediately.\n\nFor IoTSuite SaaSComposer, IoTSuite Growth Linux docker, and IoT Edge Windows please contact Advantech here https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for the official release of the fixed version.\n\nFor IoTSuite Starter Linux docker, please download the update here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\n\nFor IoT Edge Linux docker, please download the update here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Execution of arbitrary SQL commands",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52694",
"datePublished": "2026-01-12T02:27:16.744Z",
"dateReserved": "2025-06-19T06:04:41.987Z",
"dateUpdated": "2026-01-26T02:50:33.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14162 (GCVE-0-2026-14162)
Vulnerability from cvelistv5 – Published: 2026-06-30 10:57 – Updated: 2026-06-30 12:25- CWE-306 - Missing authentication for critical function
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-11012-63761-2.html | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | Hospital Quering Management |
Affected:
0 , < 1.2.13
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T12:25:02.527865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:25:08.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hospital Quering Management",
"vendor": "Advantech",
"versions": [
{
"lessThan": "1.2.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-30T10:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"value": "Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T10:57:11.421Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-11012-63761-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"source": {
"advisory": "TVN-202606007",
"discovery": "EXTERNAL"
},
"title": "Advantech\uff5cHospital Quering Management - Missing Authentication",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2026-14162",
"datePublished": "2026-06-30T10:57:11.421Z",
"dateReserved": "2026-06-30T02:02:24.547Z",
"dateUpdated": "2026-06-30T12:25:08.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14161 (GCVE-0-2026-14161)
Vulnerability from cvelistv5 – Published: 2026-06-30 10:52 – Updated: 2026-06-30 12:26- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-11012-63761-2.html | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | Hospital Queuing Management |
Affected:
0 , < 1.2.13
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T12:26:24.427457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:26:28.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hospital Queuing Management",
"vendor": "Advantech",
"versions": [
{
"lessThan": "1.2.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-30T08:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"value": "Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T10:52:38.293Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-11012-63761-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"value": "Update HQM ISO to version 1.2.13 or later, or update QueueHttp.dll to version 1.2.12.7 or later."
}
],
"source": {
"advisory": "TVN-202606007",
"discovery": "EXTERNAL"
},
"title": "Advantech\uff5cHospital Queuing Management - Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2026-14161",
"datePublished": "2026-06-30T10:52:38.293Z",
"dateReserved": "2026-06-30T02:02:22.471Z",
"dateUpdated": "2026-06-30T12:26:28.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6888 (GCVE-0-2026-6888)
Vulnerability from cvelistv5 – Published: 2026-05-13 03:16 – Updated: 2026-05-13 14:35- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | SaaS Composer |
Affected:
prior to version 3.4.17
|
|
| Advantech | IoTSuite Growth Linux docker |
Affected:
prior to version 2.2.0
|
|
| Advantech | IoTSuite Starter Linux docker |
Affected:
prior to version 2.2.0
|
|
| Advantech | IoT Edge Linux docker |
Affected:
prior to version 2.2.0
|
|
| Advantech | IoT Edge Windows |
Affected:
prior to version 2.2.0
|
|
| Advantech | WebAccess/SCADA |
Affected:
prior to version 9.2.3
|
|
| Advantech | WebAccess SaaS-Composer |
Affected:
prior to version 3.4.17.1
|
|
| Advantech | ECOWatch SaaS-Composer |
Affected:
prior to version 3.4.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:35:40.247452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:35:53.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SaaS Composer",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 3.4.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoTSuite Growth Linux docker",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoTSuite Starter Linux docker",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoT Edge Linux docker",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "IoT Edge Windows",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "WebAccess/SCADA",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 9.2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "WebAccess SaaS-Composer",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 3.4.17.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "ECOWatch SaaS-Composer",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "prior to version 3.4.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hoa Ly Van Huu"
}
],
"datePublic": "2026-05-13T02:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSuccessful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.\u003c/p\u003e"
}
],
"value": "Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T03:16:24.701Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.\u003c/p\u003e\n\n\u003cp\u003eFor SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech\u0026nbsp;\u003ca href=\"https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support\"\u003ehere\u0026nbsp;\u003c/a\u003efor\nthe official release of the fixed version.\u003c/p\u003e\n\n\u003cp\u003eFor IoTSuite Starter Linux docker,\nplease refer to the update guide\u0026nbsp;\u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide \u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eFor IoT Edge Linux docker, please\nrefer to the update guide\u0026nbsp;\u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide \u003ca href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eFor WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide \u003ca href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\"\u003ehere\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Users and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.\n\n\n\n\n\nFor SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech\u00a0 here\u00a0 https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for\nthe official release of the fixed version.\n\n\n\n\n\nFor IoTSuite Starter Linux docker,\nplease refer to the update guide\u00a0 here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\n\n\n\n\n\nFor IoT Edge Linux docker, please\nrefer to the update guide\u00a0 here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q .\n\n\n\n\n\nFor WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide here https://www.advantech.com/en/support/details/installation ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2026-6888",
"datePublished": "2026-05-13T03:16:24.701Z",
"dateReserved": "2026-04-23T02:58:12.750Z",
"dateUpdated": "2026-05-13T14:35:53.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2670 (GCVE-0-2026-2670)
Vulnerability from cvelistv5 – Published: 2026-02-18 21:02 – Updated: 2026-02-23 10:25| URL | Tags |
|---|---|
| https://vuldb.com/?id.346467 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346467 | signaturepermissions-required |
| https://vuldb.com/?submit.753293 | third-party-advisory |
| https://github.com/master-abc/cve/issues/37 | exploitissue-tracking |
| https://www.advantech.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2670",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T19:32:36.994708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:32:51.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Background Management"
],
"product": "WISE-6610",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "1.2.1_20251110"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jiefengliang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:25:15.372Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346467 | Advantech WISE-6610 Background Management openvpn_apply os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346467"
},
{
"name": "VDB-346467 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346467"
},
{
"name": "Submit #753293 | Advantech WISE-6610 v1.2.1_20251110 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.753293"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/master-abc/cve/issues/37"
},
{
"tags": [
"product"
],
"url": "https://www.advantech.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-18T10:22:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "Advantech WISE-6610 Background Management openvpn_apply os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2670",
"datePublished": "2026-02-18T21:02:08.426Z",
"dateReserved": "2026-02-18T09:16:43.848Z",
"dateUpdated": "2026-02-23T10:25:15.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52694 (GCVE-0-2025-52694)
Vulnerability from cvelistv5 – Published: 2026-01-12 02:27 – Updated: 2026-01-26 02:50- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | IoTSuite and IoT Edge Products |
Affected:
SaaSComposer prior to version V3.4.15
Affected: IoTSuite Growth Linux docker prior to version V2.0.2 Affected: IoTSuite Starter Linux docker prior to version V2.0.2 Affected: IoT Edge Linux docker prior to version V2.0.2 Affected: IoT Edge Windows prior to version V2.0.2 Affected: WebAccess/SCADA prior to version V9.2.2 Affected: WebAccess SaaS-Composer prior to version 3.4.15.1 Affected: ECOWatch SaaS-Composer prior to version 3.4.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T14:31:37.398331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T14:31:52.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IoTSuite and IoT Edge Products",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "SaaSComposer prior to version V3.4.15"
},
{
"status": "affected",
"version": "IoTSuite Growth Linux docker prior to version V2.0.2"
},
{
"status": "affected",
"version": "IoTSuite Starter Linux docker prior to version V2.0.2"
},
{
"status": "affected",
"version": "IoT Edge Linux docker prior to version V2.0.2"
},
{
"status": "affected",
"version": "IoT Edge Windows prior to version V2.0.2"
},
{
"status": "affected",
"version": "WebAccess/SCADA prior to version V9.2.2"
},
{
"status": "affected",
"version": "WebAccess SaaS-Composer prior to version 3.4.15.1"
},
{
"status": "affected",
"version": "ECOWatch SaaS-Composer prior to version 3.4.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Loi Nguyen Thang"
}
],
"datePublic": "2026-01-12T02:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately."
}
],
"value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T02:50:33.837Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003eUsers and administrators of affected product versions are advised to update to the latest versions immediately.\u003c/div\u003e\u003cdiv\u003eFor IoTSuite SaaSComposer, IoTSuite Growth Linux docker, and IoT Edge Windows please contact Advantech \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support\"\u003ehere \u003c/a\u003efor the official release of the fixed version.\u003c/div\u003e\u003cdiv\u003eFor IoTSuite Starter Linux docker, please download the update \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/div\u003e\u003cdiv\u003eFor IoT Edge Linux docker, please download the update \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\"\u003ehere\u003c/a\u003e.\u003c/div\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Users and administrators of affected product versions are advised to update to the latest versions immediately.\n\nFor IoTSuite SaaSComposer, IoTSuite Growth Linux docker, and IoT Edge Windows please contact Advantech here https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for the official release of the fixed version.\n\nFor IoTSuite Starter Linux docker, please download the update here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\n\nFor IoT Edge Linux docker, please download the update here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Execution of arbitrary SQL commands",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52694",
"datePublished": "2026-01-12T02:27:16.744Z",
"dateReserved": "2025-06-19T06:04:41.987Z",
"dateUpdated": "2026-01-26T02:50:33.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201810-0396
Vulnerability from variot - Updated: 2026-04-11 00:00Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess node",
"scope": null,
"trust": 8.4,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.3.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.9,
"vendor": "advantech",
"version": "8.3.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=8.3.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.3"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.2"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8"
},
{
"_id": null,
"model": "webaccess",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "8.3.3"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1311"
},
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "ZDI",
"id": "ZDI-18-1308"
},
{
"db": "ZDI",
"id": "ZDI-18-1310"
},
{
"db": "ZDI",
"id": "ZDI-18-1314"
},
{
"db": "ZDI",
"id": "ZDI-18-1307"
},
{
"db": "ZDI",
"id": "ZDI-18-1300"
},
{
"db": "ZDI",
"id": "ZDI-18-1298"
},
{
"db": "ZDI",
"id": "ZDI-18-1313"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
},
{
"db": "ZDI",
"id": "ZDI-18-1309"
},
{
"db": "ZDI",
"id": "ZDI-18-1306"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
},
{
"db": "BID",
"id": "105728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188"
},
{
"db": "NVD",
"id": "CVE-2018-14816"
}
]
},
"credits": {
"_id": null,
"data": "Mat Powell of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1311"
},
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "ZDI",
"id": "ZDI-18-1308"
},
{
"db": "ZDI",
"id": "ZDI-18-1310"
},
{
"db": "ZDI",
"id": "ZDI-18-1314"
},
{
"db": "ZDI",
"id": "ZDI-18-1307"
},
{
"db": "ZDI",
"id": "ZDI-18-1300"
},
{
"db": "ZDI",
"id": "ZDI-18-1298"
},
{
"db": "ZDI",
"id": "ZDI-18-1313"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
},
{
"db": "ZDI",
"id": "ZDI-18-1309"
},
{
"db": "ZDI",
"id": "ZDI-18-1306"
},
{
"db": "BID",
"id": "105728"
}
],
"trust": 8.7
},
"cve": "CVE-2018-14816",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14816",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 8.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14816",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-21935",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125013",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14816",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14816",
"trust": 8.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14816",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-21935",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1188",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125013",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1311"
},
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "ZDI",
"id": "ZDI-18-1308"
},
{
"db": "ZDI",
"id": "ZDI-18-1310"
},
{
"db": "ZDI",
"id": "ZDI-18-1314"
},
{
"db": "ZDI",
"id": "ZDI-18-1307"
},
{
"db": "ZDI",
"id": "ZDI-18-1300"
},
{
"db": "ZDI",
"id": "ZDI-18-1298"
},
{
"db": "ZDI",
"id": "ZDI-18-1313"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
},
{
"db": "ZDI",
"id": "ZDI-18-1309"
},
{
"db": "ZDI",
"id": "ZDI-18-1306"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
},
{
"db": "VULHUB",
"id": "VHN-125013"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188"
},
{
"db": "NVD",
"id": "CVE-2018-14816"
}
]
},
"description": {
"_id": null,
"data": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech\u0027s IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n3. An arbitrary-file-deletion vulnerability\n4. This may aid in further attacks. \nAdvantech WebAccess 8.3.1 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14816"
},
{
"db": "ZDI",
"id": "ZDI-18-1300"
},
{
"db": "ZDI",
"id": "ZDI-18-1306"
},
{
"db": "ZDI",
"id": "ZDI-18-1309"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
},
{
"db": "ZDI",
"id": "ZDI-18-1313"
},
{
"db": "ZDI",
"id": "ZDI-18-1311"
},
{
"db": "ZDI",
"id": "ZDI-18-1298"
},
{
"db": "ZDI",
"id": "ZDI-18-1307"
},
{
"db": "ZDI",
"id": "ZDI-18-1314"
},
{
"db": "ZDI",
"id": "ZDI-18-1310"
},
{
"db": "ZDI",
"id": "ZDI-18-1308"
},
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
},
{
"db": "BID",
"id": "105728"
},
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125013"
}
],
"trust": 9.54
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-14816",
"trust": 11.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-296-01",
"trust": 2.6
},
{
"db": "BID",
"id": "105728",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1041939",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-21935",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6299",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1311",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6300",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1312",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6296",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1308",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6298",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1310",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6302",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1314",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6295",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1307",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6287",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1300",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6285",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1298",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6301",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1313",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6292",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1304",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6297",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1309",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6294",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1306",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FEEFE1-39AB-11E9-8E28-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125013",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1311"
},
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "ZDI",
"id": "ZDI-18-1308"
},
{
"db": "ZDI",
"id": "ZDI-18-1310"
},
{
"db": "ZDI",
"id": "ZDI-18-1314"
},
{
"db": "ZDI",
"id": "ZDI-18-1307"
},
{
"db": "ZDI",
"id": "ZDI-18-1300"
},
{
"db": "ZDI",
"id": "ZDI-18-1298"
},
{
"db": "ZDI",
"id": "ZDI-18-1313"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
},
{
"db": "ZDI",
"id": "ZDI-18-1309"
},
{
"db": "ZDI",
"id": "ZDI-18-1306"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
},
{
"db": "VULHUB",
"id": "VHN-125013"
},
{
"db": "BID",
"id": "105728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188"
},
{
"db": "NVD",
"id": "CVE-2018-14816"
}
]
},
"id": "VAR-201810-0396",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
},
{
"db": "VULHUB",
"id": "VHN-125013"
}
],
"trust": 1.4399341300000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
}
]
},
"last_update_date": "2026-04-11T00:00:09.308000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 8.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01"
},
{
"title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-21935)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/143393"
},
{
"title": "Advantech WebAccess Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86280"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1311"
},
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "ZDI",
"id": "ZDI-18-1308"
},
{
"db": "ZDI",
"id": "ZDI-18-1310"
},
{
"db": "ZDI",
"id": "ZDI-18-1314"
},
{
"db": "ZDI",
"id": "ZDI-18-1307"
},
{
"db": "ZDI",
"id": "ZDI-18-1300"
},
{
"db": "ZDI",
"id": "ZDI-18-1298"
},
{
"db": "ZDI",
"id": "ZDI-18-1313"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
},
{
"db": "ZDI",
"id": "ZDI-18-1309"
},
{
"db": "ZDI",
"id": "ZDI-18-1306"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125013"
},
{
"db": "NVD",
"id": "CVE-2018-14816"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 9.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105728"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041939"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c"
},
{
"trust": 0.3,
"url": "http://webaccess.advantech.com"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01,"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1311"
},
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "ZDI",
"id": "ZDI-18-1308"
},
{
"db": "ZDI",
"id": "ZDI-18-1310"
},
{
"db": "ZDI",
"id": "ZDI-18-1314"
},
{
"db": "ZDI",
"id": "ZDI-18-1307"
},
{
"db": "ZDI",
"id": "ZDI-18-1300"
},
{
"db": "ZDI",
"id": "ZDI-18-1298"
},
{
"db": "ZDI",
"id": "ZDI-18-1313"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
},
{
"db": "ZDI",
"id": "ZDI-18-1309"
},
{
"db": "ZDI",
"id": "ZDI-18-1306"
},
{
"db": "CNVD",
"id": "CNVD-2018-21935"
},
{
"db": "VULHUB",
"id": "VHN-125013"
},
{
"db": "BID",
"id": "105728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188"
},
{
"db": "NVD",
"id": "CVE-2018-14816"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1311",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1312",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1308",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1310",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1314",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1307",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1300",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1298",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1313",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1304",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1309",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1306",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-21935",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-125013",
"ident": null
},
{
"db": "BID",
"id": "105728",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-14816",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-28T00:00:00",
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1311",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1312",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1308",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1310",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1314",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1307",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1300",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1298",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1313",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1304",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1309",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1306",
"ident": null
},
{
"date": "2018-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21935",
"ident": null
},
{
"date": "2018-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-125013",
"ident": null
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105728",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1188",
"ident": null
},
{
"date": "2018-10-23T20:29:00.530000",
"db": "NVD",
"id": "CVE-2018-14816",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1311",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1312",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1308",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1310",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1314",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1307",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1300",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1298",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1313",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1304",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1309",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1306",
"ident": null
},
{
"date": "2018-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21935",
"ident": null
},
{
"date": "2020-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-125013",
"ident": null
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105728",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1188",
"ident": null
},
{
"date": "2024-11-21T03:49:51.383000",
"db": "NVD",
"id": "CVE-2018-14816",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1188"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess Client bwwebv Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1312"
},
{
"db": "ZDI",
"id": "ZDI-18-1304"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2feefe1-39ab-11e9-8e28-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1188"
}
],
"trust": 0.8
}
}
VAR-201105-0156
Vulnerability from variot - Updated: 2026-04-10 23:54Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \"InternationalSeparator\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-168 August 29, 2012
-
-- CVE ID: CVE-2011-0340
-
-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-
-- Affected Vendors: Indusoft
-
-- Affected Products: Indusoft WebStudio
-
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12446.
-
-- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php
-
-- Disclosure Timeline: 2011-12-19 - Vulnerability reported to vendor 2012-08-29 - Coordinated public release of advisory
-
-- Credit: This vulnerability was discovered by:
-
Alexander Gavrun
-
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8
wsBVAwUBUD4cZ1VtgMGTo1scAQJoagf/ZpDTiahOQlERNABRglBe8krgQHhSHddX qVTQjFEyoOL8df5cA/I3JLJxEYRzcT0k8FSdoHUAMDWA8Oxv1BB62r7fgHC1BFjp jbH6u0mL+eYd95jqwfYaruakhABiCRR73nCxYvYGb1Bvx6piBDneD9E+Nx+qycF5 HKb5Fr0wwT+sWssIsnAHx5jDUamdRyQfOR1MAzb6GfKWDsRqwr/T5hWvRLqbZ3Cj VXwmd+MIIAQZIMJ8swKgBvbSeV4tcePun1NhqJYAJtySYR6a6oF112Gk+kXlNXDi EvynyGSXvzLMKEd+vmzSBbVeftCxNQJ8Ce4Vg+LYMGk0YHfoupt3gQ== =Fw26 -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "thin client",
"scope": "eq",
"trust": 3.7,
"vendor": "indusoft",
"version": "7.0"
},
{
"_id": null,
"model": "web studio 7.0b2",
"scope": null,
"trust": 2.7,
"vendor": "indusoft",
"version": null
},
{
"_id": null,
"model": "studio sp6 build",
"scope": "eq",
"trust": 2.7,
"vendor": "advantech",
"version": "6.161.6.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 1.6,
"vendor": "web studio",
"version": "6.1"
},
{
"_id": null,
"model": "web studio",
"scope": "eq",
"trust": 1.6,
"vendor": "indusoft",
"version": "6.1"
},
{
"_id": null,
"model": "webstudio",
"scope": null,
"trust": 1.4,
"vendor": "indusoft",
"version": null
},
{
"_id": null,
"model": "web studio",
"scope": "lte",
"trust": 1.0,
"vendor": "indusoft",
"version": "7.0"
},
{
"_id": null,
"model": "studio",
"scope": "eq",
"trust": 1.0,
"vendor": "advantech",
"version": "6.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "advantech studio",
"version": "6.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "thin client",
"version": "7.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "web studio",
"version": "*"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.0+sp1"
},
{
"_id": null,
"model": "thin client",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.0"
},
{
"_id": null,
"model": "studio",
"scope": "eq",
"trust": 0.8,
"vendor": "advantech",
"version": "6.1:sp6_61.6.01.05"
},
{
"_id": null,
"model": "web studio",
"scope": "ne",
"trust": 0.3,
"vendor": "indusoft",
"version": "7.0.104"
},
{
"_id": null,
"model": "studio",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349"
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-155"
},
{
"db": "ZDI",
"id": "ZDI-12-168"
},
{
"db": "CNVD",
"id": "CNVD-2011-1637"
},
{
"db": "CNVD",
"id": "CNVD-2011-1636"
},
{
"db": "CNVD",
"id": "CNVD-2011-1634"
},
{
"db": "CNVD",
"id": "CNVD-2011-1635"
},
{
"db": "BID",
"id": "47596"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
},
{
"db": "NVD",
"id": "CVE-2011-0340"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:indusoft_web_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:thin_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:advantech:advantech_studio",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
}
]
},
"credits": {
"_id": null,
"data": "Alexander Gavrun",
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-155"
},
{
"db": "ZDI",
"id": "ZDI-12-168"
}
],
"trust": 1.4
},
"cve": "CVE-2011-0340",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-0340",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-0340",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "03126d9a-2355-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-48285",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2011-0340",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2011-0340",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-0340",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201104-318",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-48285",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349"
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-155"
},
{
"db": "ZDI",
"id": "ZDI-12-168"
},
{
"db": "VULHUB",
"id": "VHN-48285"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
},
{
"db": "NVD",
"id": "CVE-2011-0340"
}
]
},
"description": {
"_id": null,
"data": "Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the \u0027InternationalOrder\u0027 parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \\\"InternationalSeparator\\\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. \nAdvantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote\nCode Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-168\nAugust 29, 2012\n\n- -- CVE ID:\nCVE-2011-0340\n\n- -- CVSS:\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\n\n- -- Affected Vendors:\nIndusoft\n\n- -- Affected Products:\nIndusoft WebStudio\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 12446. \n\n- -- Vendor Response:\nIndusoft has issued an update to correct this vulnerability. More details\ncan be found at:\nhttp://www.indusoft.com/hotfixes/hotfixes.php\n\n\n- -- Disclosure Timeline:\n2011-12-19 - Vulnerability reported to vendor\n2012-08-29 - Coordinated public release of advisory\n\n- -- Credit:\nThis vulnerability was discovered by:\n* Alexander Gavrun\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 1950)\nCharset: utf-8\n\nwsBVAwUBUD4cZ1VtgMGTo1scAQJoagf/ZpDTiahOQlERNABRglBe8krgQHhSHddX\nqVTQjFEyoOL8df5cA/I3JLJxEYRzcT0k8FSdoHUAMDWA8Oxv1BB62r7fgHC1BFjp\njbH6u0mL+eYd95jqwfYaruakhABiCRR73nCxYvYGb1Bvx6piBDneD9E+Nx+qycF5\nHKb5Fr0wwT+sWssIsnAHx5jDUamdRyQfOR1MAzb6GfKWDsRqwr/T5hWvRLqbZ3Cj\nVXwmd+MIIAQZIMJ8swKgBvbSeV4tcePun1NhqJYAJtySYR6a6oF112Gk+kXlNXDi\nEvynyGSXvzLMKEd+vmzSBbVeftCxNQJ8Ce4Vg+LYMGk0YHfoupt3gQ==\n=Fw26\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0340"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
},
{
"db": "ZDI",
"id": "ZDI-12-155"
},
{
"db": "ZDI",
"id": "ZDI-12-168"
},
{
"db": "CNVD",
"id": "CNVD-2011-1637"
},
{
"db": "CNVD",
"id": "CNVD-2011-1636"
},
{
"db": "CNVD",
"id": "CNVD-2011-1634"
},
{
"db": "CNVD",
"id": "CNVD-2011-1635"
},
{
"db": "BID",
"id": "47596"
},
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349"
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-48285"
},
{
"db": "PACKETSTORM",
"id": "115995"
}
],
"trust": 6.21
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-48285",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48285"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2011-0340",
"trust": 7.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-137-02",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-249-03",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "43116",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318",
"trust": 1.5
},
{
"db": "BID",
"id": "47596",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "42928",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-1115",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-1116",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-1635",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-1637",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-1634",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-1636",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-12-168",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-11-168-01A",
"trust": 0.8
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-131-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1341",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-12-155",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1342",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "17594",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-230-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "03126D9A-2355-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "0A3C1E31-E21B-43A6-BC03-7B31C6D49349",
"trust": 0.2
},
{
"db": "IVD",
"id": "B3A31758-1F96-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "D282DD20-1F96-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "115995",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "118932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115807",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-77261",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "23500",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-48285",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349"
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-155"
},
{
"db": "ZDI",
"id": "ZDI-12-168"
},
{
"db": "CNVD",
"id": "CNVD-2011-1637"
},
{
"db": "CNVD",
"id": "CNVD-2011-1636"
},
{
"db": "CNVD",
"id": "CNVD-2011-1634"
},
{
"db": "CNVD",
"id": "CNVD-2011-1635"
},
{
"db": "VULHUB",
"id": "VHN-48285"
},
{
"db": "BID",
"id": "47596"
},
{
"db": "PACKETSTORM",
"id": "115995"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
},
{
"db": "NVD",
"id": "CVE-2011-0340"
}
]
},
"id": "VAR-201105-0156",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349"
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1637"
},
{
"db": "CNVD",
"id": "CNVD-2011-1636"
},
{
"db": "CNVD",
"id": "CNVD-2011-1634"
},
{
"db": "CNVD",
"id": "CNVD-2011-1635"
},
{
"db": "VULHUB",
"id": "VHN-48285"
}
],
"trust": 3.9850195599999996
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349"
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1637"
},
{
"db": "CNVD",
"id": "CNVD-2011-1636"
},
{
"db": "CNVD",
"id": "CNVD-2011-1634"
},
{
"db": "CNVD",
"id": "CNVD-2011-1635"
}
]
},
"last_update_date": "2026-04-10T23:54:41.678000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Indusoft has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.advantech.com/products/"
},
{
"title": "Advantech Studio ISSymbol ActiveX Buffer Overflow",
"trust": 0.8,
"url": "http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"
},
{
"title": "Security Updates and Hotfixes",
"trust": 0.8,
"url": "http://www.indusoft.com/Login?returnurl=%2fProducts-Downloads%2fSecurity-Hotfix-Updates"
},
{
"title": "Advantech Studio ISSymbol ActiveX control has a patch for border vulnerabilities when creating log files",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/3696"
},
{
"title": "Advantech Studio ISSymbol ActiveX control handles patches for boundary violations in some windows processes",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/3695"
},
{
"title": "Advantech Studio ISSymbol ActiveX Control Processing",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/3693"
},
{
"title": "Advantech Studio ISSymbol ActiveX control handles the \\\"InternationalSeparator\\\" attribute with a border vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/3694"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-155"
},
{
"db": "ZDI",
"id": "ZDI-12-168"
},
{
"db": "CNVD",
"id": "CNVD-2011-1637"
},
{
"db": "CNVD",
"id": "CNVD-2011-1636"
},
{
"db": "CNVD",
"id": "CNVD-2011-1634"
},
{
"db": "CNVD",
"id": "CNVD-2011-1635"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48285"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
},
{
"db": "NVD",
"id": "CVE-2011-0340"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.5,
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"trust": 2.4,
"url": "http://secunia.com/secunia_research/2011-37/http"
},
{
"trust": 2.2,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-02.pdf"
},
{
"trust": 1.9,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-249-03"
},
{
"trust": 1.7,
"url": "http://secunia.com/secunia_research/2011-36/"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43116"
},
{
"trust": 1.4,
"url": "http://secunia.com/secunia_research/2011-37/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/47596"
},
{
"trust": 1.1,
"url": "http://www.advantechdirect.com/emarketingprograms/astudio_patch/astudio7.0_patch_final.htm"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42928"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/1115"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/1116"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0340"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-168-01a.pdf"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-131-01.pdf"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0340"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17594"
},
{
"trust": 0.3,
"url": "http://www.advantech.com/products/advantech-studio/mod_3d1b45b0-b0af-405c-a9cc-a27b35774634.aspx"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/indusoftart.php?catid=1\u0026name=iws/webstudio"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-230-01.pdf"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0340"
},
{
"trust": 0.1,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-168"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-155"
},
{
"db": "ZDI",
"id": "ZDI-12-168"
},
{
"db": "CNVD",
"id": "CNVD-2011-1637"
},
{
"db": "CNVD",
"id": "CNVD-2011-1636"
},
{
"db": "CNVD",
"id": "CNVD-2011-1634"
},
{
"db": "CNVD",
"id": "CNVD-2011-1635"
},
{
"db": "VULHUB",
"id": "VHN-48285"
},
{
"db": "BID",
"id": "47596"
},
{
"db": "PACKETSTORM",
"id": "115995"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
},
{
"db": "NVD",
"id": "CVE-2011-0340"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349",
"ident": null
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-12-155",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-12-168",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2011-1637",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2011-1636",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2011-1634",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2011-1635",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-48285",
"ident": null
},
{
"db": "BID",
"id": "47596",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "115995",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004090",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-0340",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-04-28T00:00:00",
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2012-08-22T00:00:00",
"db": "ZDI",
"id": "ZDI-12-155",
"ident": null
},
{
"date": "2012-08-29T00:00:00",
"db": "ZDI",
"id": "ZDI-12-168",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1637",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1636",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1634",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1635",
"ident": null
},
{
"date": "2011-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-48285",
"ident": null
},
{
"date": "2011-04-27T00:00:00",
"db": "BID",
"id": "47596",
"ident": null
},
{
"date": "2012-08-29T14:17:01",
"db": "PACKETSTORM",
"id": "115995",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-318",
"ident": null
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004090",
"ident": null
},
{
"date": "2011-05-04T22:55:01.467000",
"db": "NVD",
"id": "CVE-2011-0340",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2012-08-22T00:00:00",
"db": "ZDI",
"id": "ZDI-12-155",
"ident": null
},
{
"date": "2012-08-29T00:00:00",
"db": "ZDI",
"id": "ZDI-12-168",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1637",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1636",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1634",
"ident": null
},
{
"date": "2011-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1635",
"ident": null
},
{
"date": "2013-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-48285",
"ident": null
},
{
"date": "2013-04-02T15:57:00",
"db": "BID",
"id": "47596",
"ident": null
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-318",
"ident": null
},
{
"date": "2016-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004090",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-0340",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115995"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "ISSymbol Virtual machine ISSymbol ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004090"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "03126d9a-2355-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a3c1e31-e21b-43a6-bc03-7b31c6d49349"
},
{
"db": "IVD",
"id": "b3a31758-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d282dd20-1f96-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-318"
}
],
"trust": 1.4
}
}
VAR-202005-0008
Vulnerability from variot - Updated: 2026-04-10 23:52Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791d in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess/scada",
"scope": null,
"trust": 8.4,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.4.4"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 1.0,
"vendor": "advantech",
"version": "9.0.0"
},
{
"_id": null,
"model": "webaccess node",
"scope": "gte",
"trust": 0.6,
"vendor": "advantech",
"version": "8.4.4"
},
{
"_id": null,
"model": "webaccess node",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "9.0.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "9.0.0"
}
],
"sources": [
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754"
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec"
},
{
"db": "ZDI",
"id": "ZDI-20-593"
},
{
"db": "ZDI",
"id": "ZDI-20-597"
},
{
"db": "ZDI",
"id": "ZDI-20-599"
},
{
"db": "ZDI",
"id": "ZDI-20-631"
},
{
"db": "ZDI",
"id": "ZDI-20-603"
},
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-601"
},
{
"db": "ZDI",
"id": "ZDI-20-617"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
},
{
"db": "ZDI",
"id": "ZDI-20-602"
},
{
"db": "ZDI",
"id": "ZDI-20-623"
},
{
"db": "ZDI",
"id": "ZDI-20-616"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
},
{
"db": "NVD",
"id": "CVE-2020-10638"
}
]
},
"credits": {
"_id": null,
"data": "Z0mb1E",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-593"
},
{
"db": "ZDI",
"id": "ZDI-20-597"
},
{
"db": "ZDI",
"id": "ZDI-20-599"
},
{
"db": "ZDI",
"id": "ZDI-20-631"
},
{
"db": "ZDI",
"id": "ZDI-20-603"
},
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-601"
},
{
"db": "ZDI",
"id": "ZDI-20-617"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
},
{
"db": "ZDI",
"id": "ZDI-20-602"
},
{
"db": "ZDI",
"id": "ZDI-20-623"
},
{
"db": "ZDI",
"id": "ZDI-20-616"
}
],
"trust": 8.4
},
"cve": "CVE-2020-10638",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10638",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29739",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-163136",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 7.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2020-10638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-10638",
"trust": 7.7,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10638",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-10638",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-29739",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-295",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163136",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-10638",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754"
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec"
},
{
"db": "ZDI",
"id": "ZDI-20-593"
},
{
"db": "ZDI",
"id": "ZDI-20-597"
},
{
"db": "ZDI",
"id": "ZDI-20-599"
},
{
"db": "ZDI",
"id": "ZDI-20-631"
},
{
"db": "ZDI",
"id": "ZDI-20-603"
},
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-601"
},
{
"db": "ZDI",
"id": "ZDI-20-617"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
},
{
"db": "ZDI",
"id": "ZDI-20-602"
},
{
"db": "ZDI",
"id": "ZDI-20-623"
},
{
"db": "ZDI",
"id": "ZDI-20-616"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
},
{
"db": "VULHUB",
"id": "VHN-163136"
},
{
"db": "VULMON",
"id": "CVE-2020-10638"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-295"
},
{
"db": "NVD",
"id": "CVE-2020-10638"
}
]
},
"description": {
"_id": null,
"data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791d in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10638"
},
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-616"
},
{
"db": "ZDI",
"id": "ZDI-20-623"
},
{
"db": "ZDI",
"id": "ZDI-20-602"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
},
{
"db": "ZDI",
"id": "ZDI-20-601"
},
{
"db": "ZDI",
"id": "ZDI-20-617"
},
{
"db": "ZDI",
"id": "ZDI-20-603"
},
{
"db": "ZDI",
"id": "ZDI-20-631"
},
{
"db": "ZDI",
"id": "ZDI-20-599"
},
{
"db": "ZDI",
"id": "ZDI-20-597"
},
{
"db": "ZDI",
"id": "ZDI-20-593"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec"
},
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754"
},
{
"db": "VULHUB",
"id": "VHN-163136"
},
{
"db": "VULMON",
"id": "CVE-2020-10638"
}
],
"trust": 9.54
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10638",
"trust": 11.2
},
{
"db": "ZDI",
"id": "ZDI-20-593",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-20-599",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-20-603",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-20-621",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-20-616",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-128-01",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-600",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2020-29739",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-295",
"trust": 1.1
},
{
"db": "ZDI",
"id": "ZDI-20-597",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-20-631",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-20-620",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-20-601",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-20-617",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-20-602",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-20-623",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9902",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9985",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9994",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9892",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9897",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10081",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9998",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9890",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10085",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9895",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10337",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9889",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-635",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1646",
"trust": 0.6
},
{
"db": "IVD",
"id": "95F15ED9-ABD1-4FA7-B3B8-CCE038C93754",
"trust": 0.2
},
{
"db": "IVD",
"id": "619B16C7-A995-4CDF-B7BE-D91E2BDC75EC",
"trust": 0.2
},
{
"db": "ZDI",
"id": "ZDI-20-604",
"trust": 0.1
},
{
"db": "ZDI",
"id": "ZDI-20-596",
"trust": 0.1
},
{
"db": "ZDI",
"id": "ZDI-20-594",
"trust": 0.1
},
{
"db": "ZDI",
"id": "ZDI-20-618",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163136",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10638",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754"
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec"
},
{
"db": "ZDI",
"id": "ZDI-20-593"
},
{
"db": "ZDI",
"id": "ZDI-20-597"
},
{
"db": "ZDI",
"id": "ZDI-20-599"
},
{
"db": "ZDI",
"id": "ZDI-20-631"
},
{
"db": "ZDI",
"id": "ZDI-20-603"
},
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-601"
},
{
"db": "ZDI",
"id": "ZDI-20-617"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
},
{
"db": "ZDI",
"id": "ZDI-20-602"
},
{
"db": "ZDI",
"id": "ZDI-20-623"
},
{
"db": "ZDI",
"id": "ZDI-20-616"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
},
{
"db": "VULHUB",
"id": "VHN-163136"
},
{
"db": "VULMON",
"id": "CVE-2020-10638"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-295"
},
{
"db": "NVD",
"id": "CVE-2020-10638"
}
]
},
"id": "VAR-202005-0008",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754"
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
},
{
"db": "VULHUB",
"id": "VHN-163136"
}
],
"trust": 1.679503486666667
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754"
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
}
]
},
"last_update_date": "2026-04-10T23:52:18.503000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 8.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36"
},
{
"title": "Patch for Advantech WebAccess Node buffer overflow vulnerability (CNVD-2020-29739)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/218845"
},
{
"title": "Advantech WebAccess Node Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118647"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-593"
},
{
"db": "ZDI",
"id": "ZDI-20-597"
},
{
"db": "ZDI",
"id": "ZDI-20-599"
},
{
"db": "ZDI",
"id": "ZDI-20-631"
},
{
"db": "ZDI",
"id": "ZDI-20-603"
},
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-601"
},
{
"db": "ZDI",
"id": "ZDI-20-617"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
},
{
"db": "ZDI",
"id": "ZDI-20-602"
},
{
"db": "ZDI",
"id": "ZDI-20-623"
},
{
"db": "ZDI",
"id": "ZDI-20-616"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-295"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163136"
},
{
"db": "NVD",
"id": "CVE-2020-10638"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 8.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36"
},
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-593/"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-599/"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-600/"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-603/"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-616/"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-621/"
},
{
"trust": 0.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-635/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10638"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47382"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1646/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-594/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-596/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-597/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-601/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-602/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-604/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-617/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-618/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-620/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-623/"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-631/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181596"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-593"
},
{
"db": "ZDI",
"id": "ZDI-20-597"
},
{
"db": "ZDI",
"id": "ZDI-20-599"
},
{
"db": "ZDI",
"id": "ZDI-20-631"
},
{
"db": "ZDI",
"id": "ZDI-20-603"
},
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-601"
},
{
"db": "ZDI",
"id": "ZDI-20-617"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
},
{
"db": "ZDI",
"id": "ZDI-20-602"
},
{
"db": "ZDI",
"id": "ZDI-20-623"
},
{
"db": "ZDI",
"id": "ZDI-20-616"
},
{
"db": "CNVD",
"id": "CNVD-2020-29739"
},
{
"db": "VULHUB",
"id": "VHN-163136"
},
{
"db": "VULMON",
"id": "CVE-2020-10638"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-295"
},
{
"db": "NVD",
"id": "CVE-2020-10638"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754",
"ident": null
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-593",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-597",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-599",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-631",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-603",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-620",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-601",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-617",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-621",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-602",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-623",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-616",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-29739",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-163136",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-10638",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202005-295",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10638",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-05-07T00:00:00",
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754",
"ident": null
},
{
"date": "2020-05-07T00:00:00",
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-593",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-597",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-599",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-631",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-603",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-620",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-601",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-617",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-621",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-602",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-623",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-616",
"ident": null
},
{
"date": "2020-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29739",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-163136",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10638",
"ident": null
},
{
"date": "2020-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-295",
"ident": null
},
{
"date": "2020-05-08T12:15:11.067000",
"db": "NVD",
"id": "CVE-2020-10638",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-593",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-597",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-599",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-631",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-603",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-620",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-601",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-617",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-621",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-602",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-623",
"ident": null
},
{
"date": "2020-05-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-616",
"ident": null
},
{
"date": "2020-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29739",
"ident": null
},
{
"date": "2021-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-163136",
"ident": null
},
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10638",
"ident": null
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-295",
"ident": null
},
{
"date": "2024-11-21T04:55:45.027000",
"db": "NVD",
"id": "CVE-2020-10638",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-295"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess/SCADA BwTCPIP Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-620"
},
{
"db": "ZDI",
"id": "ZDI-20-621"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754"
},
{
"db": "IVD",
"id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-295"
}
],
"trust": 1.0
}
}
VAR-202206-2050
Vulnerability from variot - Updated: 2026-04-10 23:52The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the PROP_GetCommunity and PROP_SetCommunity elements of the performSearchDevice action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "iview",
"scope": null,
"trust": 11.2,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "iview",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "5.7.04.6469"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-919"
},
{
"db": "ZDI",
"id": "ZDI-22-918"
},
{
"db": "ZDI",
"id": "ZDI-22-917"
},
{
"db": "ZDI",
"id": "ZDI-22-916"
},
{
"db": "ZDI",
"id": "ZDI-22-915"
},
{
"db": "ZDI",
"id": "ZDI-22-914"
},
{
"db": "ZDI",
"id": "ZDI-22-912"
},
{
"db": "ZDI",
"id": "ZDI-22-908"
},
{
"db": "ZDI",
"id": "ZDI-22-906"
},
{
"db": "ZDI",
"id": "ZDI-22-902"
},
{
"db": "ZDI",
"id": "ZDI-22-898"
},
{
"db": "ZDI",
"id": "ZDI-22-896"
},
{
"db": "ZDI",
"id": "ZDI-22-892"
},
{
"db": "ZDI",
"id": "ZDI-22-888"
},
{
"db": "ZDI",
"id": "ZDI-22-886"
},
{
"db": "ZDI",
"id": "ZDI-22-882"
},
{
"db": "NVD",
"id": "CVE-2022-2135"
}
]
},
"credits": {
"_id": null,
"data": "@rgod777",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-919"
},
{
"db": "ZDI",
"id": "ZDI-22-916"
},
{
"db": "ZDI",
"id": "ZDI-22-915"
},
{
"db": "ZDI",
"id": "ZDI-22-914"
},
{
"db": "ZDI",
"id": "ZDI-22-912"
},
{
"db": "ZDI",
"id": "ZDI-22-908"
},
{
"db": "ZDI",
"id": "ZDI-22-902"
},
{
"db": "ZDI",
"id": "ZDI-22-898"
},
{
"db": "ZDI",
"id": "ZDI-22-896"
},
{
"db": "ZDI",
"id": "ZDI-22-888"
},
{
"db": "ZDI",
"id": "ZDI-22-886"
},
{
"db": "ZDI",
"id": "ZDI-22-882"
}
],
"trust": 8.4
},
"cve": "CVE-2022-2135",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2135",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 8.4,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2135",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-2135",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2022-2135",
"trust": 8.4,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2022-2135",
"trust": 2.8,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2135",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2135",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-919"
},
{
"db": "ZDI",
"id": "ZDI-22-918"
},
{
"db": "ZDI",
"id": "ZDI-22-917"
},
{
"db": "ZDI",
"id": "ZDI-22-916"
},
{
"db": "ZDI",
"id": "ZDI-22-915"
},
{
"db": "ZDI",
"id": "ZDI-22-914"
},
{
"db": "ZDI",
"id": "ZDI-22-912"
},
{
"db": "ZDI",
"id": "ZDI-22-908"
},
{
"db": "ZDI",
"id": "ZDI-22-906"
},
{
"db": "ZDI",
"id": "ZDI-22-902"
},
{
"db": "ZDI",
"id": "ZDI-22-898"
},
{
"db": "ZDI",
"id": "ZDI-22-896"
},
{
"db": "ZDI",
"id": "ZDI-22-892"
},
{
"db": "ZDI",
"id": "ZDI-22-888"
},
{
"db": "ZDI",
"id": "ZDI-22-886"
},
{
"db": "ZDI",
"id": "ZDI-22-882"
},
{
"db": "NVD",
"id": "CVE-2022-2135"
},
{
"db": "NVD",
"id": "CVE-2022-2135"
}
]
},
"description": {
"_id": null,
"data": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the PROP_GetCommunity and PROP_SetCommunity elements of the performSearchDevice action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2135"
},
{
"db": "ZDI",
"id": "ZDI-22-918"
},
{
"db": "ZDI",
"id": "ZDI-22-882"
},
{
"db": "ZDI",
"id": "ZDI-22-886"
},
{
"db": "ZDI",
"id": "ZDI-22-888"
},
{
"db": "ZDI",
"id": "ZDI-22-892"
},
{
"db": "ZDI",
"id": "ZDI-22-896"
},
{
"db": "ZDI",
"id": "ZDI-22-898"
},
{
"db": "ZDI",
"id": "ZDI-22-919"
},
{
"db": "ZDI",
"id": "ZDI-22-906"
},
{
"db": "ZDI",
"id": "ZDI-22-908"
},
{
"db": "ZDI",
"id": "ZDI-22-912"
},
{
"db": "ZDI",
"id": "ZDI-22-914"
},
{
"db": "ZDI",
"id": "ZDI-22-915"
},
{
"db": "ZDI",
"id": "ZDI-22-916"
},
{
"db": "ZDI",
"id": "ZDI-22-917"
},
{
"db": "ZDI",
"id": "ZDI-22-902"
},
{
"db": "VULHUB",
"id": "VHN-426269"
},
{
"db": "VULMON",
"id": "CVE-2022-2135"
}
],
"trust": 11.16
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-2135",
"trust": 12.4
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-03",
"trust": 1.2
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16750",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-919",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16529",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-918",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16535",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-917",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16561",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-916",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16585",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-915",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16562",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-914",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16751",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-912",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16747",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-908",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16546",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-906",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16731",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-902",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16693",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-898",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16694",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-896",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16547",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-892",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16563",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-888",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16560",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-886",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16647",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-882",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-426269",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2135",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-919"
},
{
"db": "ZDI",
"id": "ZDI-22-918"
},
{
"db": "ZDI",
"id": "ZDI-22-917"
},
{
"db": "ZDI",
"id": "ZDI-22-916"
},
{
"db": "ZDI",
"id": "ZDI-22-915"
},
{
"db": "ZDI",
"id": "ZDI-22-914"
},
{
"db": "ZDI",
"id": "ZDI-22-912"
},
{
"db": "ZDI",
"id": "ZDI-22-908"
},
{
"db": "ZDI",
"id": "ZDI-22-906"
},
{
"db": "ZDI",
"id": "ZDI-22-902"
},
{
"db": "ZDI",
"id": "ZDI-22-898"
},
{
"db": "ZDI",
"id": "ZDI-22-896"
},
{
"db": "ZDI",
"id": "ZDI-22-892"
},
{
"db": "ZDI",
"id": "ZDI-22-888"
},
{
"db": "ZDI",
"id": "ZDI-22-886"
},
{
"db": "ZDI",
"id": "ZDI-22-882"
},
{
"db": "VULHUB",
"id": "VHN-426269"
},
{
"db": "VULMON",
"id": "CVE-2022-2135"
},
{
"db": "NVD",
"id": "CVE-2022-2135"
}
]
},
"id": "VAR-202206-2050",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426269"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:52:15.611000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 11.2,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-919"
},
{
"db": "ZDI",
"id": "ZDI-22-918"
},
{
"db": "ZDI",
"id": "ZDI-22-917"
},
{
"db": "ZDI",
"id": "ZDI-22-916"
},
{
"db": "ZDI",
"id": "ZDI-22-915"
},
{
"db": "ZDI",
"id": "ZDI-22-914"
},
{
"db": "ZDI",
"id": "ZDI-22-912"
},
{
"db": "ZDI",
"id": "ZDI-22-908"
},
{
"db": "ZDI",
"id": "ZDI-22-906"
},
{
"db": "ZDI",
"id": "ZDI-22-902"
},
{
"db": "ZDI",
"id": "ZDI-22-898"
},
{
"db": "ZDI",
"id": "ZDI-22-896"
},
{
"db": "ZDI",
"id": "ZDI-22-892"
},
{
"db": "ZDI",
"id": "ZDI-22-888"
},
{
"db": "ZDI",
"id": "ZDI-22-886"
},
{
"db": "ZDI",
"id": "ZDI-22-882"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426269"
},
{
"db": "NVD",
"id": "CVE-2022-2135"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 12.4,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-919"
},
{
"db": "ZDI",
"id": "ZDI-22-918"
},
{
"db": "ZDI",
"id": "ZDI-22-917"
},
{
"db": "ZDI",
"id": "ZDI-22-916"
},
{
"db": "ZDI",
"id": "ZDI-22-915"
},
{
"db": "ZDI",
"id": "ZDI-22-914"
},
{
"db": "ZDI",
"id": "ZDI-22-912"
},
{
"db": "ZDI",
"id": "ZDI-22-908"
},
{
"db": "ZDI",
"id": "ZDI-22-906"
},
{
"db": "ZDI",
"id": "ZDI-22-902"
},
{
"db": "ZDI",
"id": "ZDI-22-898"
},
{
"db": "ZDI",
"id": "ZDI-22-896"
},
{
"db": "ZDI",
"id": "ZDI-22-892"
},
{
"db": "ZDI",
"id": "ZDI-22-888"
},
{
"db": "ZDI",
"id": "ZDI-22-886"
},
{
"db": "ZDI",
"id": "ZDI-22-882"
},
{
"db": "VULHUB",
"id": "VHN-426269"
},
{
"db": "VULMON",
"id": "CVE-2022-2135"
},
{
"db": "NVD",
"id": "CVE-2022-2135"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-22-919",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-918",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-917",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-916",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-915",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-914",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-912",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-908",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-906",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-902",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-898",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-896",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-892",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-888",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-886",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-882",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-426269",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-2135",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-2135",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-919",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-918",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-917",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-916",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-915",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-914",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-912",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-908",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-906",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-902",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-898",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-896",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-892",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-888",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-886",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-882",
"ident": null
},
{
"date": "2022-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-426269",
"ident": null
},
{
"date": "2022-07-22T15:15:08.117000",
"db": "NVD",
"id": "CVE-2022-2135",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-919",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-918",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-917",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-916",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-915",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-914",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-912",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-908",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-906",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-902",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-898",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-896",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-892",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-888",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-886",
"ident": null
},
{
"date": "2022-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-22-882",
"ident": null
},
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-426269",
"ident": null
},
{
"date": "2022-07-28T20:10:10.260000",
"db": "NVD",
"id": "CVE-2022-2135",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Advantech iView setTaskEditorItem DESCRIPTION SQL Injection Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-919"
}
],
"trust": 0.7
}
}
VAR-201904-0181
Vulnerability from variot - Updated: 2026-04-10 23:50Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwNodeIP.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess",
"scope": null,
"trust": 9.8,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.3.5"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=8.3.5"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498"
},
{
"db": "ZDI",
"id": "ZDI-19-322"
},
{
"db": "ZDI",
"id": "ZDI-19-311"
},
{
"db": "ZDI",
"id": "ZDI-19-329"
},
{
"db": "ZDI",
"id": "ZDI-19-325"
},
{
"db": "ZDI",
"id": "ZDI-19-313"
},
{
"db": "ZDI",
"id": "ZDI-19-317"
},
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-310"
},
{
"db": "ZDI",
"id": "ZDI-19-321"
},
{
"db": "ZDI",
"id": "ZDI-19-330"
},
{
"db": "ZDI",
"id": "ZDI-19-319"
},
{
"db": "ZDI",
"id": "ZDI-19-585"
},
{
"db": "ZDI",
"id": "ZDI-19-323"
},
{
"db": "ZDI",
"id": "ZDI-19-327"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
},
{
"db": "NVD",
"id": "CVE-2019-6550"
}
]
},
"credits": {
"_id": null,
"data": "Mat Powell of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-322"
},
{
"db": "ZDI",
"id": "ZDI-19-311"
},
{
"db": "ZDI",
"id": "ZDI-19-329"
},
{
"db": "ZDI",
"id": "ZDI-19-325"
},
{
"db": "ZDI",
"id": "ZDI-19-313"
},
{
"db": "ZDI",
"id": "ZDI-19-317"
},
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-310"
},
{
"db": "ZDI",
"id": "ZDI-19-330"
},
{
"db": "ZDI",
"id": "ZDI-19-319"
},
{
"db": "ZDI",
"id": "ZDI-19-585"
},
{
"db": "ZDI",
"id": "ZDI-19-323"
},
{
"db": "ZDI",
"id": "ZDI-19-327"
}
],
"trust": 9.1
},
"cve": "CVE-2019-6550",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6550",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-08948",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6550",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 9.8,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6550",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-6550",
"trust": 9.8,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6550",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-08948",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-089",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-6550",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498"
},
{
"db": "ZDI",
"id": "ZDI-19-322"
},
{
"db": "ZDI",
"id": "ZDI-19-311"
},
{
"db": "ZDI",
"id": "ZDI-19-329"
},
{
"db": "ZDI",
"id": "ZDI-19-325"
},
{
"db": "ZDI",
"id": "ZDI-19-313"
},
{
"db": "ZDI",
"id": "ZDI-19-317"
},
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-310"
},
{
"db": "ZDI",
"id": "ZDI-19-321"
},
{
"db": "ZDI",
"id": "ZDI-19-330"
},
{
"db": "ZDI",
"id": "ZDI-19-319"
},
{
"db": "ZDI",
"id": "ZDI-19-585"
},
{
"db": "ZDI",
"id": "ZDI-19-323"
},
{
"db": "ZDI",
"id": "ZDI-19-327"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
},
{
"db": "VULMON",
"id": "CVE-2019-6550"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-089"
},
{
"db": "NVD",
"id": "CVE-2019-6550"
}
]
},
"description": {
"_id": null,
"data": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwNodeIP.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6550"
},
{
"db": "ZDI",
"id": "ZDI-19-310"
},
{
"db": "ZDI",
"id": "ZDI-19-327"
},
{
"db": "ZDI",
"id": "ZDI-19-323"
},
{
"db": "ZDI",
"id": "ZDI-19-585"
},
{
"db": "ZDI",
"id": "ZDI-19-319"
},
{
"db": "ZDI",
"id": "ZDI-19-330"
},
{
"db": "ZDI",
"id": "ZDI-19-322"
},
{
"db": "ZDI",
"id": "ZDI-19-321"
},
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-317"
},
{
"db": "ZDI",
"id": "ZDI-19-313"
},
{
"db": "ZDI",
"id": "ZDI-19-325"
},
{
"db": "ZDI",
"id": "ZDI-19-329"
},
{
"db": "ZDI",
"id": "ZDI-19-311"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
},
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498"
},
{
"db": "VULMON",
"id": "CVE-2019-6550"
}
],
"trust": 10.53
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-6550",
"trust": 12.3
},
{
"db": "ZDI",
"id": "ZDI-19-585",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-092-01",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-330",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2019-08948",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-089",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7914",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-322",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7899",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-311",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7924",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-329",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7927",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-325",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7901",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-313",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7905",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-317",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7882",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-328",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7898",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-310",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7920",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-321",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7930",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7912",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-319",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7911",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7925",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-323",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7881",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-327",
"trust": 0.7
},
{
"db": "BID",
"id": "107675",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1113",
"trust": 0.6
},
{
"db": "IVD",
"id": "4D85A7A9-A091-4C59-84E6-73C8B6639498",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-6550",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498"
},
{
"db": "ZDI",
"id": "ZDI-19-322"
},
{
"db": "ZDI",
"id": "ZDI-19-311"
},
{
"db": "ZDI",
"id": "ZDI-19-329"
},
{
"db": "ZDI",
"id": "ZDI-19-325"
},
{
"db": "ZDI",
"id": "ZDI-19-313"
},
{
"db": "ZDI",
"id": "ZDI-19-317"
},
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-310"
},
{
"db": "ZDI",
"id": "ZDI-19-321"
},
{
"db": "ZDI",
"id": "ZDI-19-330"
},
{
"db": "ZDI",
"id": "ZDI-19-319"
},
{
"db": "ZDI",
"id": "ZDI-19-585"
},
{
"db": "ZDI",
"id": "ZDI-19-323"
},
{
"db": "ZDI",
"id": "ZDI-19-327"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
},
{
"db": "VULMON",
"id": "CVE-2019-6550"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-089"
},
{
"db": "NVD",
"id": "CVE-2019-6550"
}
]
},
"id": "VAR-201904-0181",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
}
],
"trust": 1.34667458
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
}
]
},
"last_update_date": "2026-04-10T23:50:53.514000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 5.6,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-091-01"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-092-01"
},
{
"title": "Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/157945"
},
{
"title": "Advantech WebAccess/SCADA Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91013"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-322"
},
{
"db": "ZDI",
"id": "ZDI-19-311"
},
{
"db": "ZDI",
"id": "ZDI-19-329"
},
{
"db": "ZDI",
"id": "ZDI-19-325"
},
{
"db": "ZDI",
"id": "ZDI-19-313"
},
{
"db": "ZDI",
"id": "ZDI-19-317"
},
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-310"
},
{
"db": "ZDI",
"id": "ZDI-19-321"
},
{
"db": "ZDI",
"id": "ZDI-19-330"
},
{
"db": "ZDI",
"id": "ZDI-19-319"
},
{
"db": "ZDI",
"id": "ZDI-19-585"
},
{
"db": "ZDI",
"id": "ZDI-19-323"
},
{
"db": "ZDI",
"id": "ZDI-19-327"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-089"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6550"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 8.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-092-01"
},
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-091-01"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-585/"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/107675"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-092-01"
},
{
"trust": 0.6,
"url": "https://support.advantech.com/support/downloadsrdetail_new.aspx?sr_id=1-ms9mjv\u0026doc_source=download"
},
{
"trust": 0.6,
"url": "https://www.advantech.com/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6550"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-330/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78318"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-322"
},
{
"db": "ZDI",
"id": "ZDI-19-311"
},
{
"db": "ZDI",
"id": "ZDI-19-329"
},
{
"db": "ZDI",
"id": "ZDI-19-325"
},
{
"db": "ZDI",
"id": "ZDI-19-313"
},
{
"db": "ZDI",
"id": "ZDI-19-317"
},
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-310"
},
{
"db": "ZDI",
"id": "ZDI-19-321"
},
{
"db": "ZDI",
"id": "ZDI-19-330"
},
{
"db": "ZDI",
"id": "ZDI-19-319"
},
{
"db": "ZDI",
"id": "ZDI-19-585"
},
{
"db": "ZDI",
"id": "ZDI-19-323"
},
{
"db": "ZDI",
"id": "ZDI-19-327"
},
{
"db": "CNVD",
"id": "CNVD-2019-08948"
},
{
"db": "VULMON",
"id": "CVE-2019-6550"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-089"
},
{
"db": "NVD",
"id": "CVE-2019-6550"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-322",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-311",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-329",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-325",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-313",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-317",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-328",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-310",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-321",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-330",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-319",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-585",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-323",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-327",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-08948",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-6550",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201904-089",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-6550",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-322",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-311",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-329",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-325",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-313",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-317",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-328",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-310",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-321",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-330",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-319",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-585",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-323",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-327",
"ident": null
},
{
"date": "2019-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08948",
"ident": null
},
{
"date": "2019-04-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6550",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-089",
"ident": null
},
{
"date": "2019-04-05T19:29:00.310000",
"db": "NVD",
"id": "CVE-2019-6550",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-322",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-311",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-329",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-325",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-313",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-317",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-328",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-310",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-321",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-330",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-319",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-585",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-323",
"ident": null
},
{
"date": "2019-04-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-327",
"ident": null
},
{
"date": "2019-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08948",
"ident": null
},
{
"date": "2020-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6550",
"ident": null
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-089",
"ident": null
},
{
"date": "2024-11-21T04:46:40.660000",
"db": "NVD",
"id": "CVE-2019-6550",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-089"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess Node bwthinfl Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-328"
},
{
"db": "ZDI",
"id": "ZDI-19-321"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "4d85a7a9-a091-4c59-84e6-73c8b6639498"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-089"
}
],
"trust": 0.8
}
}
VAR-201601-0038
Vulnerability from variot - Updated: 2026-04-10 23:45Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2731 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess",
"scope": null,
"trust": 11.2,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.0"
},
{
"_id": null,
"model": "webaccess",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "8.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-062"
},
{
"db": "ZDI",
"id": "ZDI-16-094"
},
{
"db": "ZDI",
"id": "ZDI-16-051"
},
{
"db": "ZDI",
"id": "ZDI-16-077"
},
{
"db": "ZDI",
"id": "ZDI-16-103"
},
{
"db": "ZDI",
"id": "ZDI-16-114"
},
{
"db": "ZDI",
"id": "ZDI-16-098"
},
{
"db": "ZDI",
"id": "ZDI-16-099"
},
{
"db": "ZDI",
"id": "ZDI-16-048"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
},
{
"db": "ZDI",
"id": "ZDI-16-101"
},
{
"db": "ZDI",
"id": "ZDI-16-117"
},
{
"db": "ZDI",
"id": "ZDI-16-071"
},
{
"db": "ZDI",
"id": "ZDI-16-082"
},
{
"db": "ZDI",
"id": "ZDI-16-076"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-329"
},
{
"db": "NVD",
"id": "CVE-2016-0856"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-062"
},
{
"db": "ZDI",
"id": "ZDI-16-094"
},
{
"db": "ZDI",
"id": "ZDI-16-051"
},
{
"db": "ZDI",
"id": "ZDI-16-077"
},
{
"db": "ZDI",
"id": "ZDI-16-103"
},
{
"db": "ZDI",
"id": "ZDI-16-114"
},
{
"db": "ZDI",
"id": "ZDI-16-098"
},
{
"db": "ZDI",
"id": "ZDI-16-099"
},
{
"db": "ZDI",
"id": "ZDI-16-048"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
},
{
"db": "ZDI",
"id": "ZDI-16-101"
},
{
"db": "ZDI",
"id": "ZDI-16-117"
},
{
"db": "ZDI",
"id": "ZDI-16-071"
},
{
"db": "ZDI",
"id": "ZDI-16-082"
},
{
"db": "ZDI",
"id": "ZDI-16-076"
}
],
"trust": 11.2
},
"cve": "CVE-2016-0856",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0856",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 11.2,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0856",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00434",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "64dba96e-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0856",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-0856",
"trust": 11.2,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0856",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-00434",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-329",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-062"
},
{
"db": "ZDI",
"id": "ZDI-16-094"
},
{
"db": "ZDI",
"id": "ZDI-16-051"
},
{
"db": "ZDI",
"id": "ZDI-16-077"
},
{
"db": "ZDI",
"id": "ZDI-16-103"
},
{
"db": "ZDI",
"id": "ZDI-16-114"
},
{
"db": "ZDI",
"id": "ZDI-16-098"
},
{
"db": "ZDI",
"id": "ZDI-16-099"
},
{
"db": "ZDI",
"id": "ZDI-16-048"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
},
{
"db": "ZDI",
"id": "ZDI-16-101"
},
{
"db": "ZDI",
"id": "ZDI-16-117"
},
{
"db": "ZDI",
"id": "ZDI-16-071"
},
{
"db": "ZDI",
"id": "ZDI-16-082"
},
{
"db": "ZDI",
"id": "ZDI-16-076"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-329"
},
{
"db": "NVD",
"id": "CVE-2016-0856"
}
]
},
"description": {
"_id": null,
"data": "Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2731 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0856"
},
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-076"
},
{
"db": "ZDI",
"id": "ZDI-16-082"
},
{
"db": "ZDI",
"id": "ZDI-16-071"
},
{
"db": "ZDI",
"id": "ZDI-16-117"
},
{
"db": "ZDI",
"id": "ZDI-16-101"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
},
{
"db": "ZDI",
"id": "ZDI-16-048"
},
{
"db": "ZDI",
"id": "ZDI-16-099"
},
{
"db": "ZDI",
"id": "ZDI-16-098"
},
{
"db": "ZDI",
"id": "ZDI-16-114"
},
{
"db": "ZDI",
"id": "ZDI-16-103"
},
{
"db": "ZDI",
"id": "ZDI-16-077"
},
{
"db": "ZDI",
"id": "ZDI-16-051"
},
{
"db": "ZDI",
"id": "ZDI-16-094"
},
{
"db": "ZDI",
"id": "ZDI-16-062"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
},
{
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 11.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-0856",
"trust": 13.6
},
{
"db": "ZDI",
"id": "ZDI-16-103",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-16-114",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-16-101",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-16-117",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-16-108",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-113",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-112",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-116",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-100",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-111",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-118",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-115",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-106",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-120",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-110",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-102",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-16-109",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-16-014-01",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-00434",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-329",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3211",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-090",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3239",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-062",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3207",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-094",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3175",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-051",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3224",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-077",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3198",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3186",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3203",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-098",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3202",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-099",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3149",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-048",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3220",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-081",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3200",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3183",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3230",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-071",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3219",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-082",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3225",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-076",
"trust": 0.7
},
{
"db": "CXSECURITY",
"id": "WLB-2018030263",
"trust": 0.6
},
{
"db": "IVD",
"id": "64DBA96E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-062"
},
{
"db": "ZDI",
"id": "ZDI-16-094"
},
{
"db": "ZDI",
"id": "ZDI-16-051"
},
{
"db": "ZDI",
"id": "ZDI-16-077"
},
{
"db": "ZDI",
"id": "ZDI-16-103"
},
{
"db": "ZDI",
"id": "ZDI-16-114"
},
{
"db": "ZDI",
"id": "ZDI-16-098"
},
{
"db": "ZDI",
"id": "ZDI-16-099"
},
{
"db": "ZDI",
"id": "ZDI-16-048"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
},
{
"db": "ZDI",
"id": "ZDI-16-101"
},
{
"db": "ZDI",
"id": "ZDI-16-117"
},
{
"db": "ZDI",
"id": "ZDI-16-071"
},
{
"db": "ZDI",
"id": "ZDI-16-082"
},
{
"db": "ZDI",
"id": "ZDI-16-076"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-329"
},
{
"db": "NVD",
"id": "CVE-2016-0856"
}
]
},
"id": "VAR-201601-0038",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
}
],
"trust": 1.23470696
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
}
]
},
"last_update_date": "2026-04-10T23:45:45.755000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 11.2,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01"
},
{
"title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/70378"
},
{
"title": "Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-062"
},
{
"db": "ZDI",
"id": "ZDI-16-094"
},
{
"db": "ZDI",
"id": "ZDI-16-051"
},
{
"db": "ZDI",
"id": "ZDI-16-077"
},
{
"db": "ZDI",
"id": "ZDI-16-103"
},
{
"db": "ZDI",
"id": "ZDI-16-114"
},
{
"db": "ZDI",
"id": "ZDI-16-098"
},
{
"db": "ZDI",
"id": "ZDI-16-099"
},
{
"db": "ZDI",
"id": "ZDI-16-048"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
},
{
"db": "ZDI",
"id": "ZDI-16-101"
},
{
"db": "ZDI",
"id": "ZDI-16-117"
},
{
"db": "ZDI",
"id": "ZDI-16-071"
},
{
"db": "ZDI",
"id": "ZDI-16-082"
},
{
"db": "ZDI",
"id": "ZDI-16-076"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-329"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0856"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 12.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-114"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-118"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-112"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-108"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-101"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-116"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-113"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-106"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-120"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-100"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-110"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-109"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-111"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-103"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-115"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-117"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-102"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2018030263"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-062"
},
{
"db": "ZDI",
"id": "ZDI-16-094"
},
{
"db": "ZDI",
"id": "ZDI-16-051"
},
{
"db": "ZDI",
"id": "ZDI-16-077"
},
{
"db": "ZDI",
"id": "ZDI-16-103"
},
{
"db": "ZDI",
"id": "ZDI-16-114"
},
{
"db": "ZDI",
"id": "ZDI-16-098"
},
{
"db": "ZDI",
"id": "ZDI-16-099"
},
{
"db": "ZDI",
"id": "ZDI-16-048"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
},
{
"db": "ZDI",
"id": "ZDI-16-101"
},
{
"db": "ZDI",
"id": "ZDI-16-117"
},
{
"db": "ZDI",
"id": "ZDI-16-071"
},
{
"db": "ZDI",
"id": "ZDI-16-082"
},
{
"db": "ZDI",
"id": "ZDI-16-076"
},
{
"db": "CNVD",
"id": "CNVD-2016-00434"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-329"
},
{
"db": "NVD",
"id": "CVE-2016-0856"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-090",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-062",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-094",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-051",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-077",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-103",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-114",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-098",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-099",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-048",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-081",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-101",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-117",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-071",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-082",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-076",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2016-00434",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201601-329",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-0856",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-01-25T00:00:00",
"db": "IVD",
"id": "64dba96e-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-090",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-062",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-094",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-051",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-077",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-103",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-114",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-098",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-099",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-048",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-081",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-101",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-117",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-071",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-082",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-076",
"ident": null
},
{
"date": "2016-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00434",
"ident": null
},
{
"date": "2016-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-329",
"ident": null
},
{
"date": "2016-01-15T03:59:18.250000",
"db": "NVD",
"id": "CVE-2016-0856",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-090",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-062",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-094",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-051",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-077",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-103",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-114",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-098",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-099",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-048",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-081",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-101",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-117",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-071",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-082",
"ident": null
},
{
"date": "2016-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-16-076",
"ident": null
},
{
"date": "2016-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00434",
"ident": null
},
{
"date": "2021-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-329",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0856",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-329"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-090"
},
{
"db": "ZDI",
"id": "ZDI-16-081"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-329"
}
],
"trust": 0.6
}
}
VAR-201801-0151
Vulnerability from variot - Updated: 2026-04-10 23:45A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the BwOpcImg utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess",
"scope": null,
"trust": 9.8,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lt",
"trust": 1.6,
"vendor": "advantech",
"version": "8.3"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.9,
"vendor": "advantech",
"version": "8.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.9,
"vendor": "advantech",
"version": "7.2"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.0"
},
{
"_id": null,
"model": "webaccess 8.2 20170330",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.2"
},
{
"_id": null,
"model": "webaccess 8.1 20160519",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess 8.0 20150816",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8"
},
{
"_id": null,
"model": "webaccess",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "8.3"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-044"
},
{
"db": "ZDI",
"id": "ZDI-18-050"
},
{
"db": "ZDI",
"id": "ZDI-18-053"
},
{
"db": "ZDI",
"id": "ZDI-18-061"
},
{
"db": "ZDI",
"id": "ZDI-18-025"
},
{
"db": "ZDI",
"id": "ZDI-18-047"
},
{
"db": "ZDI",
"id": "ZDI-18-058"
},
{
"db": "ZDI",
"id": "ZDI-18-060"
},
{
"db": "ZDI",
"id": "ZDI-18-049"
},
{
"db": "ZDI",
"id": "ZDI-18-045"
},
{
"db": "ZDI",
"id": "ZDI-18-062"
},
{
"db": "ZDI",
"id": "ZDI-18-043"
},
{
"db": "ZDI",
"id": "ZDI-18-023"
},
{
"db": "ZDI",
"id": "ZDI-18-046"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
},
{
"db": "BID",
"id": "102424"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242"
},
{
"db": "NVD",
"id": "CVE-2017-16724"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Offensive Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-044"
},
{
"db": "ZDI",
"id": "ZDI-18-050"
},
{
"db": "ZDI",
"id": "ZDI-18-053"
},
{
"db": "ZDI",
"id": "ZDI-18-061"
},
{
"db": "ZDI",
"id": "ZDI-18-025"
},
{
"db": "ZDI",
"id": "ZDI-18-047"
},
{
"db": "ZDI",
"id": "ZDI-18-058"
},
{
"db": "ZDI",
"id": "ZDI-18-060"
},
{
"db": "ZDI",
"id": "ZDI-18-049"
},
{
"db": "ZDI",
"id": "ZDI-18-045"
},
{
"db": "ZDI",
"id": "ZDI-18-062"
},
{
"db": "ZDI",
"id": "ZDI-18-043"
},
{
"db": "ZDI",
"id": "ZDI-18-023"
},
{
"db": "ZDI",
"id": "ZDI-18-046"
}
],
"trust": 9.8
},
"cve": "CVE-2017-16724",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16724",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 9.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-16724",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16724",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-00671",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-16724",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-16724",
"trust": 9.1,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16724",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2017-16724",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-00671",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-242",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-044"
},
{
"db": "ZDI",
"id": "ZDI-18-050"
},
{
"db": "ZDI",
"id": "ZDI-18-053"
},
{
"db": "ZDI",
"id": "ZDI-18-061"
},
{
"db": "ZDI",
"id": "ZDI-18-025"
},
{
"db": "ZDI",
"id": "ZDI-18-047"
},
{
"db": "ZDI",
"id": "ZDI-18-058"
},
{
"db": "ZDI",
"id": "ZDI-18-060"
},
{
"db": "ZDI",
"id": "ZDI-18-049"
},
{
"db": "ZDI",
"id": "ZDI-18-045"
},
{
"db": "ZDI",
"id": "ZDI-18-062"
},
{
"db": "ZDI",
"id": "ZDI-18-043"
},
{
"db": "ZDI",
"id": "ZDI-18-023"
},
{
"db": "ZDI",
"id": "ZDI-18-046"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242"
},
{
"db": "NVD",
"id": "CVE-2017-16724"
}
]
},
"description": {
"_id": null,
"data": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the BwOpcImg utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple denial-of-service vulnerabilities\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A directory-traversal vulnerability\n4. An SQL-injection vulnerability\n5. Failed attacks will cause denial of service conditions. \nversions prior to Advantech WebAccess 8.3 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16724"
},
{
"db": "ZDI",
"id": "ZDI-18-060"
},
{
"db": "ZDI",
"id": "ZDI-18-046"
},
{
"db": "ZDI",
"id": "ZDI-18-023"
},
{
"db": "ZDI",
"id": "ZDI-18-043"
},
{
"db": "ZDI",
"id": "ZDI-18-062"
},
{
"db": "ZDI",
"id": "ZDI-18-045"
},
{
"db": "ZDI",
"id": "ZDI-18-044"
},
{
"db": "ZDI",
"id": "ZDI-18-049"
},
{
"db": "ZDI",
"id": "ZDI-18-058"
},
{
"db": "ZDI",
"id": "ZDI-18-047"
},
{
"db": "ZDI",
"id": "ZDI-18-025"
},
{
"db": "ZDI",
"id": "ZDI-18-061"
},
{
"db": "ZDI",
"id": "ZDI-18-053"
},
{
"db": "ZDI",
"id": "ZDI-18-050"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
},
{
"db": "BID",
"id": "102424"
},
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1"
}
],
"trust": 10.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-16724",
"trust": 12.5
},
{
"db": "BID",
"id": "102424",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-004-02",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-00671",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5045",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-044",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5052",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-050",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5054",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-053",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5064",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-061",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4993",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-025",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5048",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-047",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5061",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-058",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5063",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-060",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5050",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-049",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5046",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-045",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5065",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-062",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5044",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-043",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4991",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-023",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5047",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-046",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2E0E08F-39AB-11E9-B1D1-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-044"
},
{
"db": "ZDI",
"id": "ZDI-18-050"
},
{
"db": "ZDI",
"id": "ZDI-18-053"
},
{
"db": "ZDI",
"id": "ZDI-18-061"
},
{
"db": "ZDI",
"id": "ZDI-18-025"
},
{
"db": "ZDI",
"id": "ZDI-18-047"
},
{
"db": "ZDI",
"id": "ZDI-18-058"
},
{
"db": "ZDI",
"id": "ZDI-18-060"
},
{
"db": "ZDI",
"id": "ZDI-18-049"
},
{
"db": "ZDI",
"id": "ZDI-18-045"
},
{
"db": "ZDI",
"id": "ZDI-18-062"
},
{
"db": "ZDI",
"id": "ZDI-18-043"
},
{
"db": "ZDI",
"id": "ZDI-18-023"
},
{
"db": "ZDI",
"id": "ZDI-18-046"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
},
{
"db": "BID",
"id": "102424"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242"
},
{
"db": "NVD",
"id": "CVE-2017-16724"
}
]
},
"id": "VAR-201801-0151",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
}
],
"trust": 1.3972832733333334
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
}
]
},
"last_update_date": "2026-04-10T23:45:40.671000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 9.8,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02"
},
{
"title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-00671)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/113123"
},
{
"title": "Advantech WebAccess Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77553"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-044"
},
{
"db": "ZDI",
"id": "ZDI-18-050"
},
{
"db": "ZDI",
"id": "ZDI-18-053"
},
{
"db": "ZDI",
"id": "ZDI-18-061"
},
{
"db": "ZDI",
"id": "ZDI-18-025"
},
{
"db": "ZDI",
"id": "ZDI-18-047"
},
{
"db": "ZDI",
"id": "ZDI-18-058"
},
{
"db": "ZDI",
"id": "ZDI-18-060"
},
{
"db": "ZDI",
"id": "ZDI-18-049"
},
{
"db": "ZDI",
"id": "ZDI-18-045"
},
{
"db": "ZDI",
"id": "ZDI-18-062"
},
{
"db": "ZDI",
"id": "ZDI-18-043"
},
{
"db": "ZDI",
"id": "ZDI-18-023"
},
{
"db": "ZDI",
"id": "ZDI-18-046"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16724"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 11.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102424"
},
{
"trust": 0.3,
"url": "http://webaccess.advantech.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-044"
},
{
"db": "ZDI",
"id": "ZDI-18-050"
},
{
"db": "ZDI",
"id": "ZDI-18-053"
},
{
"db": "ZDI",
"id": "ZDI-18-061"
},
{
"db": "ZDI",
"id": "ZDI-18-025"
},
{
"db": "ZDI",
"id": "ZDI-18-047"
},
{
"db": "ZDI",
"id": "ZDI-18-058"
},
{
"db": "ZDI",
"id": "ZDI-18-060"
},
{
"db": "ZDI",
"id": "ZDI-18-049"
},
{
"db": "ZDI",
"id": "ZDI-18-045"
},
{
"db": "ZDI",
"id": "ZDI-18-062"
},
{
"db": "ZDI",
"id": "ZDI-18-043"
},
{
"db": "ZDI",
"id": "ZDI-18-023"
},
{
"db": "ZDI",
"id": "ZDI-18-046"
},
{
"db": "CNVD",
"id": "CNVD-2018-00671"
},
{
"db": "BID",
"id": "102424"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242"
},
{
"db": "NVD",
"id": "CVE-2017-16724"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-044",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-050",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-053",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-061",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-025",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-047",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-058",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-060",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-049",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-045",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-062",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-043",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-023",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-046",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-00671",
"ident": null
},
{
"db": "BID",
"id": "102424",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-16724",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-044",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-050",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-053",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-061",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-025",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-047",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-058",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-060",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-049",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-045",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-062",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-043",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-023",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-046",
"ident": null
},
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00671",
"ident": null
},
{
"date": "2018-01-04T00:00:00",
"db": "BID",
"id": "102424",
"ident": null
},
{
"date": "2018-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-242",
"ident": null
},
{
"date": "2018-01-05T08:29:00.347000",
"db": "NVD",
"id": "CVE-2017-16724",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-044",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-050",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-053",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-061",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-025",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-047",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-058",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-060",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-049",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-045",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-062",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-043",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-023",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-046",
"ident": null
},
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00671",
"ident": null
},
{
"date": "2018-01-04T00:00:00",
"db": "BID",
"id": "102424",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-242",
"ident": null
},
{
"date": "2024-11-21T03:16:51.453000",
"db": "NVD",
"id": "CVE-2017-16724",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-242"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess bwwfaa Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-044"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-242"
}
],
"trust": 0.8
}
}
VAR-201801-0152
Vulnerability from variot - Updated: 2026-04-10 23:45An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. Advantech WebAccess Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27f2 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess",
"scope": null,
"trust": 9.8,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lt",
"trust": 2.4,
"vendor": "advantech",
"version": "8.3"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "7.2"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-040"
},
{
"db": "ZDI",
"id": "ZDI-18-057"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-010"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-030"
},
{
"db": "ZDI",
"id": "ZDI-18-037"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:advantech_webaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Offensive Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-040"
},
{
"db": "ZDI",
"id": "ZDI-18-057"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-010"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-030"
},
{
"db": "ZDI",
"id": "ZDI-18-037"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
}
],
"trust": 9.8
},
"cve": "CVE-2017-16728",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16728",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 9.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-16728",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16728",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-00673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-16728",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-16728",
"trust": 9.1,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-16728",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2017-16728",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-00673",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-241",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-040"
},
{
"db": "ZDI",
"id": "ZDI-18-057"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-010"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-030"
},
{
"db": "ZDI",
"id": "ZDI-18-037"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"description": {
"_id": null,
"data": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. Advantech WebAccess Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27f2 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
},
{
"db": "ZDI",
"id": "ZDI-18-037"
},
{
"db": "ZDI",
"id": "ZDI-18-030"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-010"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-057"
},
{
"db": "ZDI",
"id": "ZDI-18-040"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
}
],
"trust": 11.16
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-16728",
"trust": 13.0
},
{
"db": "BID",
"id": "102424",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-004-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2018-00673",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-004-02A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5003",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-035",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4959",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-012",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4973",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-020",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5006",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-038",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5007",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-039",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5010",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-040",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5060",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-057",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4964",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-017",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4953",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-010",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5004",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-036",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4963",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-016",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4998",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-030",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5005",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-037",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4962",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-015",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2E1079E-39AB-11E9-9B2B-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-040"
},
{
"db": "ZDI",
"id": "ZDI-18-057"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-010"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-030"
},
{
"db": "ZDI",
"id": "ZDI-18-037"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"id": "VAR-201801-0152",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
}
],
"trust": 1.23470696
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
}
]
},
"last_update_date": "2026-04-10T23:45:36.615000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 9.8,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02"
},
{
"title": "Advantech WebAccess",
"trust": 0.8,
"url": "http://www.advantech.com/industrial-automation/webaccess"
},
{
"title": "Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/113125"
},
{
"title": "Advantech WebAccess Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77552"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-040"
},
{
"db": "ZDI",
"id": "ZDI-18-057"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-010"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-030"
},
{
"db": "ZDI",
"id": "ZDI-18-037"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
},
{
"problemtype": "CWE-822",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 11.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102424"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16728"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16728"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-040"
},
{
"db": "ZDI",
"id": "ZDI-18-057"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-010"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-030"
},
{
"db": "ZDI",
"id": "ZDI-18-037"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-035",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-012",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-020",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-038",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-039",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-040",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-057",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-017",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-010",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-036",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-016",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-030",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-037",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-015",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-00673",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011796",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-16728",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-035",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-012",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-020",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-038",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-039",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-040",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-057",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-017",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-010",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-036",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-016",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-030",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-037",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-015",
"ident": null
},
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00673",
"ident": null
},
{
"date": "2018-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-241",
"ident": null
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011796",
"ident": null
},
{
"date": "2018-01-05T08:29:00.393000",
"db": "NVD",
"id": "CVE-2017-16728",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-035",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-012",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-020",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-038",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-039",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-040",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-057",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-017",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-010",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-036",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-016",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-030",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-037",
"ident": null
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-015",
"ident": null
},
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00673",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-241",
"ident": null
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011796",
"ident": null
},
{
"date": "2024-11-21T03:16:52.023000",
"db": "NVD",
"id": "CVE-2017-16728",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-015"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
}
],
"trust": 0.8
}
}
VAR-201805-1143
Vulnerability from variot - Updated: 2026-04-10 23:45In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwblcmd.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A stack buffer overflow vulnerability exists in several Advantech products. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess node",
"scope": null,
"trust": 9.8,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.2_20170817"
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.3.0"
},
{
"_id": null,
"model": "webaccess\\/nms",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "2.0.3"
},
{
"_id": null,
"model": "webaccess scada",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "8.3.1"
},
{
"_id": null,
"model": "webaccess dashboard",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "2.0.15"
},
{
"_id": null,
"model": "webaccess \u003c=8.2 20170817",
"scope": null,
"trust": 0.6,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=8.3.0"
},
{
"_id": null,
"model": "webaccess dashboard",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=2.0.15"
},
{
"_id": null,
"model": "webaccess scada node",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "8.3.1"
},
{
"_id": null,
"model": "webaccess/nms",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=2.0.3"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.3.0"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.2_20170817"
},
{
"_id": null,
"model": "webaccess dashboard",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "2.0.15"
},
{
"_id": null,
"model": "webaccess\\/nms",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "2.0.3"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess dashboard",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess scada",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess nms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-516"
},
{
"db": "ZDI",
"id": "ZDI-18-519"
},
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-525"
},
{
"db": "ZDI",
"id": "ZDI-18-509"
},
{
"db": "ZDI",
"id": "ZDI-18-513"
},
{
"db": "ZDI",
"id": "ZDI-18-506"
},
{
"db": "ZDI",
"id": "ZDI-18-503"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
},
{
"db": "ZDI",
"id": "ZDI-18-520"
},
{
"db": "ZDI",
"id": "ZDI-18-498"
},
{
"db": "ZDI",
"id": "ZDI-18-508"
},
{
"db": "ZDI",
"id": "ZDI-18-510"
},
{
"db": "ZDI",
"id": "ZDI-18-524"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446"
},
{
"db": "NVD",
"id": "CVE-2018-7499"
}
]
},
"credits": {
"_id": null,
"data": "Mat Powell - Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-516"
},
{
"db": "ZDI",
"id": "ZDI-18-519"
},
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-525"
},
{
"db": "ZDI",
"id": "ZDI-18-509"
},
{
"db": "ZDI",
"id": "ZDI-18-506"
},
{
"db": "ZDI",
"id": "ZDI-18-503"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
},
{
"db": "ZDI",
"id": "ZDI-18-520"
},
{
"db": "ZDI",
"id": "ZDI-18-508"
},
{
"db": "ZDI",
"id": "ZDI-18-510"
},
{
"db": "ZDI",
"id": "ZDI-18-524"
}
],
"trust": 8.4
},
"cve": "CVE-2018-7499",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-7499",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 9.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7499",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-10713",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137531",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7499",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-7499",
"trust": 9.8,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7499",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-10713",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-446",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137531",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-516"
},
{
"db": "ZDI",
"id": "ZDI-18-519"
},
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-525"
},
{
"db": "ZDI",
"id": "ZDI-18-509"
},
{
"db": "ZDI",
"id": "ZDI-18-513"
},
{
"db": "ZDI",
"id": "ZDI-18-506"
},
{
"db": "ZDI",
"id": "ZDI-18-503"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
},
{
"db": "ZDI",
"id": "ZDI-18-520"
},
{
"db": "ZDI",
"id": "ZDI-18-498"
},
{
"db": "ZDI",
"id": "ZDI-18-508"
},
{
"db": "ZDI",
"id": "ZDI-18-510"
},
{
"db": "ZDI",
"id": "ZDI-18-524"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
},
{
"db": "VULHUB",
"id": "VHN-137531"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446"
},
{
"db": "NVD",
"id": "CVE-2018-7499"
}
]
},
"description": {
"_id": null,
"data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwblcmd.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A stack buffer overflow vulnerability exists in several Advantech products. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7499"
},
{
"db": "ZDI",
"id": "ZDI-18-503"
},
{
"db": "ZDI",
"id": "ZDI-18-524"
},
{
"db": "ZDI",
"id": "ZDI-18-510"
},
{
"db": "ZDI",
"id": "ZDI-18-508"
},
{
"db": "ZDI",
"id": "ZDI-18-498"
},
{
"db": "ZDI",
"id": "ZDI-18-520"
},
{
"db": "ZDI",
"id": "ZDI-18-516"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
},
{
"db": "ZDI",
"id": "ZDI-18-506"
},
{
"db": "ZDI",
"id": "ZDI-18-513"
},
{
"db": "ZDI",
"id": "ZDI-18-509"
},
{
"db": "ZDI",
"id": "ZDI-18-525"
},
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-519"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
},
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137531"
}
],
"trust": 10.53
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-7499",
"trust": 12.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-135-01",
"trust": 2.3
},
{
"db": "BID",
"id": "104190",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2018-10713",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5691",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-516",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5694",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-519",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5698",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-523",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5700",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-525",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5684",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-509",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5688",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-513",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5681",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-506",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5678",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-503",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5689",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-514",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5695",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-520",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5663",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-498",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5683",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-508",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5685",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-510",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5699",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-524",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2F10D30-39AB-11E9-AE57-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137531",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-516"
},
{
"db": "ZDI",
"id": "ZDI-18-519"
},
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-525"
},
{
"db": "ZDI",
"id": "ZDI-18-509"
},
{
"db": "ZDI",
"id": "ZDI-18-513"
},
{
"db": "ZDI",
"id": "ZDI-18-506"
},
{
"db": "ZDI",
"id": "ZDI-18-503"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
},
{
"db": "ZDI",
"id": "ZDI-18-520"
},
{
"db": "ZDI",
"id": "ZDI-18-498"
},
{
"db": "ZDI",
"id": "ZDI-18-508"
},
{
"db": "ZDI",
"id": "ZDI-18-510"
},
{
"db": "ZDI",
"id": "ZDI-18-524"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
},
{
"db": "VULHUB",
"id": "VHN-137531"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446"
},
{
"db": "NVD",
"id": "CVE-2018-7499"
}
]
},
"id": "VAR-201805-1143",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
},
{
"db": "VULHUB",
"id": "VHN-137531"
}
],
"trust": 1.5316815933333334
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
}
]
},
"last_update_date": "2026-04-10T23:45:35.471000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 9.8,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-10713)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/130743"
},
{
"title": "Multiple Advantech Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80056"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-516"
},
{
"db": "ZDI",
"id": "ZDI-18-519"
},
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-525"
},
{
"db": "ZDI",
"id": "ZDI-18-509"
},
{
"db": "ZDI",
"id": "ZDI-18-513"
},
{
"db": "ZDI",
"id": "ZDI-18-506"
},
{
"db": "ZDI",
"id": "ZDI-18-503"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
},
{
"db": "ZDI",
"id": "ZDI-18-520"
},
{
"db": "ZDI",
"id": "ZDI-18-498"
},
{
"db": "ZDI",
"id": "ZDI-18-508"
},
{
"db": "ZDI",
"id": "ZDI-18-510"
},
{
"db": "ZDI",
"id": "ZDI-18-524"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137531"
},
{
"db": "NVD",
"id": "CVE-2018-7499"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 12.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104190"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-516"
},
{
"db": "ZDI",
"id": "ZDI-18-519"
},
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-525"
},
{
"db": "ZDI",
"id": "ZDI-18-509"
},
{
"db": "ZDI",
"id": "ZDI-18-513"
},
{
"db": "ZDI",
"id": "ZDI-18-506"
},
{
"db": "ZDI",
"id": "ZDI-18-503"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
},
{
"db": "ZDI",
"id": "ZDI-18-520"
},
{
"db": "ZDI",
"id": "ZDI-18-498"
},
{
"db": "ZDI",
"id": "ZDI-18-508"
},
{
"db": "ZDI",
"id": "ZDI-18-510"
},
{
"db": "ZDI",
"id": "ZDI-18-524"
},
{
"db": "CNVD",
"id": "CNVD-2018-10713"
},
{
"db": "VULHUB",
"id": "VHN-137531"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446"
},
{
"db": "NVD",
"id": "CVE-2018-7499"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-516",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-519",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-523",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-525",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-509",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-513",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-506",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-503",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-514",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-520",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-498",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-508",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-510",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-524",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-10713",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-137531",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-7499",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-05-31T00:00:00",
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-516",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-519",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-523",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-525",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-509",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-513",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-506",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-503",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-514",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-520",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-498",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-508",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-510",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-524",
"ident": null
},
{
"date": "2018-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10713",
"ident": null
},
{
"date": "2018-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-137531",
"ident": null
},
{
"date": "2018-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-446",
"ident": null
},
{
"date": "2018-05-15T22:29:00.503000",
"db": "NVD",
"id": "CVE-2018-7499",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-516",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-519",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-523",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-525",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-509",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-513",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-506",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-503",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-514",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-520",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-498",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-508",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-510",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-524",
"ident": null
},
{
"date": "2018-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10713",
"ident": null
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-137531",
"ident": null
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-446",
"ident": null
},
{
"date": "2024-11-21T04:12:15.050000",
"db": "NVD",
"id": "CVE-2018-7499",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-446"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess Node bwsound Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-523"
},
{
"db": "ZDI",
"id": "ZDI-18-514"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2f10d30-39ab-11e9-ae57-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-446"
}
],
"trust": 0.8
}
}
VAR-201805-1144
Vulnerability from variot - Updated: 2026-04-10 23:45In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the handling of the GetTrendDetail function in BWMobileService.dll. When parsing the ProjectName parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). SQL injection vulnerabilities exist in several Advantech products. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess node",
"scope": null,
"trust": 9.8,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.2_20170817"
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.3.0"
},
{
"_id": null,
"model": "webaccess\\/nms",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "2.0.3"
},
{
"_id": null,
"model": "webaccess scada",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "8.3.1"
},
{
"_id": null,
"model": "webaccess dashboard",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "2.0.15"
},
{
"_id": null,
"model": "webaccess \u003c=8.2 20170817",
"scope": null,
"trust": 0.6,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=8.3.0"
},
{
"_id": null,
"model": "webaccess dashboard",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=2.0.15"
},
{
"_id": null,
"model": "webaccess scada node",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "8.3.1"
},
{
"_id": null,
"model": "webaccess/nms",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=2.0.3"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.3.0"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.2_20170817"
},
{
"_id": null,
"model": "webaccess dashboard",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "2.0.15"
},
{
"_id": null,
"model": "webaccess\\/nms",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "2.0.3"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess dashboard",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess scada",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess nms",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-481"
},
{
"db": "ZDI",
"id": "ZDI-18-489"
},
{
"db": "ZDI",
"id": "ZDI-18-485"
},
{
"db": "ZDI",
"id": "ZDI-18-488"
},
{
"db": "ZDI",
"id": "ZDI-18-486"
},
{
"db": "ZDI",
"id": "ZDI-18-479"
},
{
"db": "ZDI",
"id": "ZDI-18-474"
},
{
"db": "ZDI",
"id": "ZDI-18-478"
},
{
"db": "ZDI",
"id": "ZDI-18-553"
},
{
"db": "ZDI",
"id": "ZDI-18-476"
},
{
"db": "ZDI",
"id": "ZDI-18-482"
},
{
"db": "ZDI",
"id": "ZDI-18-472"
},
{
"db": "ZDI",
"id": "ZDI-18-477"
},
{
"db": "ZDI",
"id": "ZDI-18-473"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445"
},
{
"db": "NVD",
"id": "CVE-2018-7501"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-481"
},
{
"db": "ZDI",
"id": "ZDI-18-489"
},
{
"db": "ZDI",
"id": "ZDI-18-485"
},
{
"db": "ZDI",
"id": "ZDI-18-488"
},
{
"db": "ZDI",
"id": "ZDI-18-486"
},
{
"db": "ZDI",
"id": "ZDI-18-479"
},
{
"db": "ZDI",
"id": "ZDI-18-474"
},
{
"db": "ZDI",
"id": "ZDI-18-478"
},
{
"db": "ZDI",
"id": "ZDI-18-553"
},
{
"db": "ZDI",
"id": "ZDI-18-476"
},
{
"db": "ZDI",
"id": "ZDI-18-482"
},
{
"db": "ZDI",
"id": "ZDI-18-472"
},
{
"db": "ZDI",
"id": "ZDI-18-477"
},
{
"db": "ZDI",
"id": "ZDI-18-473"
}
],
"trust": 9.8
},
"cve": "CVE-2018-7501",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7501",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 8.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7501",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 2.4,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-10317",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137533",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7501",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-7501",
"trust": 9.8,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7501",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-10317",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-445",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137533",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-481"
},
{
"db": "ZDI",
"id": "ZDI-18-489"
},
{
"db": "ZDI",
"id": "ZDI-18-485"
},
{
"db": "ZDI",
"id": "ZDI-18-488"
},
{
"db": "ZDI",
"id": "ZDI-18-486"
},
{
"db": "ZDI",
"id": "ZDI-18-479"
},
{
"db": "ZDI",
"id": "ZDI-18-474"
},
{
"db": "ZDI",
"id": "ZDI-18-478"
},
{
"db": "ZDI",
"id": "ZDI-18-553"
},
{
"db": "ZDI",
"id": "ZDI-18-476"
},
{
"db": "ZDI",
"id": "ZDI-18-482"
},
{
"db": "ZDI",
"id": "ZDI-18-472"
},
{
"db": "ZDI",
"id": "ZDI-18-477"
},
{
"db": "ZDI",
"id": "ZDI-18-473"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
},
{
"db": "VULHUB",
"id": "VHN-137533"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445"
},
{
"db": "NVD",
"id": "CVE-2018-7501"
}
]
},
"description": {
"_id": null,
"data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the handling of the GetTrendDetail function in BWMobileService.dll. When parsing the ProjectName parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). SQL injection vulnerabilities exist in several Advantech products. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7501"
},
{
"db": "ZDI",
"id": "ZDI-18-478"
},
{
"db": "ZDI",
"id": "ZDI-18-473"
},
{
"db": "ZDI",
"id": "ZDI-18-477"
},
{
"db": "ZDI",
"id": "ZDI-18-472"
},
{
"db": "ZDI",
"id": "ZDI-18-482"
},
{
"db": "ZDI",
"id": "ZDI-18-476"
},
{
"db": "ZDI",
"id": "ZDI-18-481"
},
{
"db": "ZDI",
"id": "ZDI-18-553"
},
{
"db": "ZDI",
"id": "ZDI-18-474"
},
{
"db": "ZDI",
"id": "ZDI-18-479"
},
{
"db": "ZDI",
"id": "ZDI-18-486"
},
{
"db": "ZDI",
"id": "ZDI-18-488"
},
{
"db": "ZDI",
"id": "ZDI-18-485"
},
{
"db": "ZDI",
"id": "ZDI-18-489"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
},
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137533"
}
],
"trust": 10.53
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-7501",
"trust": 12.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-135-01",
"trust": 2.3
},
{
"db": "BID",
"id": "104190",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-10317",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5611",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-481",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5653",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-489",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5649",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-485",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5652",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-488",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5650",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-486",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5609",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-479",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5597",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-474",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5608",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-478",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5590",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-553",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5606",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-476",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5612",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-482",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5519",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-472",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5607",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-477",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5596",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-473",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2F022CF-39AB-11E9-A809-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137533",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-481"
},
{
"db": "ZDI",
"id": "ZDI-18-489"
},
{
"db": "ZDI",
"id": "ZDI-18-485"
},
{
"db": "ZDI",
"id": "ZDI-18-488"
},
{
"db": "ZDI",
"id": "ZDI-18-486"
},
{
"db": "ZDI",
"id": "ZDI-18-479"
},
{
"db": "ZDI",
"id": "ZDI-18-474"
},
{
"db": "ZDI",
"id": "ZDI-18-478"
},
{
"db": "ZDI",
"id": "ZDI-18-553"
},
{
"db": "ZDI",
"id": "ZDI-18-476"
},
{
"db": "ZDI",
"id": "ZDI-18-482"
},
{
"db": "ZDI",
"id": "ZDI-18-472"
},
{
"db": "ZDI",
"id": "ZDI-18-477"
},
{
"db": "ZDI",
"id": "ZDI-18-473"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
},
{
"db": "VULHUB",
"id": "VHN-137533"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445"
},
{
"db": "NVD",
"id": "CVE-2018-7501"
}
]
},
"id": "VAR-201805-1144",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
},
{
"db": "VULHUB",
"id": "VHN-137533"
}
],
"trust": 1.5316815933333334
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
}
]
},
"last_update_date": "2026-04-10T23:45:35.332000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 9.8,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"title": "Patch for Advantech WebAccess SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/130233"
},
{
"title": "Multiple Advantech product SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80055"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-481"
},
{
"db": "ZDI",
"id": "ZDI-18-489"
},
{
"db": "ZDI",
"id": "ZDI-18-485"
},
{
"db": "ZDI",
"id": "ZDI-18-488"
},
{
"db": "ZDI",
"id": "ZDI-18-486"
},
{
"db": "ZDI",
"id": "ZDI-18-479"
},
{
"db": "ZDI",
"id": "ZDI-18-474"
},
{
"db": "ZDI",
"id": "ZDI-18-478"
},
{
"db": "ZDI",
"id": "ZDI-18-553"
},
{
"db": "ZDI",
"id": "ZDI-18-476"
},
{
"db": "ZDI",
"id": "ZDI-18-482"
},
{
"db": "ZDI",
"id": "ZDI-18-472"
},
{
"db": "ZDI",
"id": "ZDI-18-477"
},
{
"db": "ZDI",
"id": "ZDI-18-473"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137533"
},
{
"db": "NVD",
"id": "CVE-2018-7501"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 12.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104190"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-481"
},
{
"db": "ZDI",
"id": "ZDI-18-489"
},
{
"db": "ZDI",
"id": "ZDI-18-485"
},
{
"db": "ZDI",
"id": "ZDI-18-488"
},
{
"db": "ZDI",
"id": "ZDI-18-486"
},
{
"db": "ZDI",
"id": "ZDI-18-479"
},
{
"db": "ZDI",
"id": "ZDI-18-474"
},
{
"db": "ZDI",
"id": "ZDI-18-478"
},
{
"db": "ZDI",
"id": "ZDI-18-553"
},
{
"db": "ZDI",
"id": "ZDI-18-476"
},
{
"db": "ZDI",
"id": "ZDI-18-482"
},
{
"db": "ZDI",
"id": "ZDI-18-472"
},
{
"db": "ZDI",
"id": "ZDI-18-477"
},
{
"db": "ZDI",
"id": "ZDI-18-473"
},
{
"db": "CNVD",
"id": "CNVD-2018-10317"
},
{
"db": "VULHUB",
"id": "VHN-137533"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445"
},
{
"db": "NVD",
"id": "CVE-2018-7501"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-481",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-489",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-485",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-488",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-486",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-479",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-474",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-478",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-553",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-476",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-482",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-472",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-477",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-473",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-10317",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-137533",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-7501",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-05-25T00:00:00",
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-481",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-489",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-485",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-488",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-486",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-479",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-474",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-478",
"ident": null
},
{
"date": "2018-06-08T00:00:00",
"db": "ZDI",
"id": "ZDI-18-553",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-476",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-482",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-472",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-477",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-473",
"ident": null
},
{
"date": "2018-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10317",
"ident": null
},
{
"date": "2018-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-137533",
"ident": null
},
{
"date": "2018-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-445",
"ident": null
},
{
"date": "2018-05-15T22:29:00.567000",
"db": "NVD",
"id": "CVE-2018-7501",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-481",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-489",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-485",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-488",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-486",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-479",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-474",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-478",
"ident": null
},
{
"date": "2018-06-08T00:00:00",
"db": "ZDI",
"id": "ZDI-18-553",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-476",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-482",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-472",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-477",
"ident": null
},
{
"date": "2018-05-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-473",
"ident": null
},
{
"date": "2018-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10317",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137533",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-445",
"ident": null
},
{
"date": "2024-11-21T04:12:15.263000",
"db": "NVD",
"id": "CVE-2018-7501",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-445"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess Node BWSCADASoap GetAlarms SQL Injection Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-481"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2f022cf-39ab-11e9-a809-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-445"
}
],
"trust": 0.8
}
}
VAR-201407-0233
Vulnerability from variot - Updated: 2026-04-10 23:39Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the DVC.DvcCtrl ActiveX Control in dvs.ocx. The control does not check the length of an attacker-supplied string in the GetParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess",
"scope": null,
"trust": 8.4,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "7.0"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "5.0"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "6.0"
},
{
"_id": null,
"model": "webaccess",
"scope": "lt",
"trust": 1.4,
"vendor": "advantech",
"version": "7.2"
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "7.1"
},
{
"_id": null,
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "7.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "5.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "6.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "7.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1"
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-244"
},
{
"db": "ZDI",
"id": "ZDI-14-252"
},
{
"db": "ZDI",
"id": "ZDI-14-255"
},
{
"db": "ZDI",
"id": "ZDI-14-241"
},
{
"db": "ZDI",
"id": "ZDI-14-246"
},
{
"db": "ZDI",
"id": "ZDI-14-243"
},
{
"db": "ZDI",
"id": "ZDI-14-253"
},
{
"db": "ZDI",
"id": "ZDI-14-242"
},
{
"db": "ZDI",
"id": "ZDI-14-247"
},
{
"db": "ZDI",
"id": "ZDI-14-248"
},
{
"db": "ZDI",
"id": "ZDI-14-256"
},
{
"db": "ZDI",
"id": "ZDI-14-254"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
},
{
"db": "NVD",
"id": "CVE-2014-2364"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:advantech_webaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-252"
},
{
"db": "ZDI",
"id": "ZDI-14-255"
},
{
"db": "ZDI",
"id": "ZDI-14-246"
},
{
"db": "ZDI",
"id": "ZDI-14-253"
},
{
"db": "ZDI",
"id": "ZDI-14-247"
},
{
"db": "ZDI",
"id": "ZDI-14-248"
},
{
"db": "ZDI",
"id": "ZDI-14-256"
},
{
"db": "ZDI",
"id": "ZDI-14-254"
}
],
"trust": 5.6
},
"cve": "CVE-2014-2364",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2364",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 11.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04544",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e485769a-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2014-2364",
"trust": 8.4,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-2364",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2364",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2364",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04544",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-476",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1"
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-244"
},
{
"db": "ZDI",
"id": "ZDI-14-252"
},
{
"db": "ZDI",
"id": "ZDI-14-255"
},
{
"db": "ZDI",
"id": "ZDI-14-241"
},
{
"db": "ZDI",
"id": "ZDI-14-246"
},
{
"db": "ZDI",
"id": "ZDI-14-243"
},
{
"db": "ZDI",
"id": "ZDI-14-253"
},
{
"db": "ZDI",
"id": "ZDI-14-242"
},
{
"db": "ZDI",
"id": "ZDI-14-247"
},
{
"db": "ZDI",
"id": "ZDI-14-248"
},
{
"db": "ZDI",
"id": "ZDI-14-256"
},
{
"db": "ZDI",
"id": "ZDI-14-254"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
},
{
"db": "NVD",
"id": "CVE-2014-2364"
},
{
"db": "NVD",
"id": "CVE-2014-2364"
}
]
},
"description": {
"_id": null,
"data": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the DVC.DvcCtrl ActiveX Control in dvs.ocx. The control does not check the length of an attacker-supplied string in the GetParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2364"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
},
{
"db": "ZDI",
"id": "ZDI-14-253"
},
{
"db": "ZDI",
"id": "ZDI-14-254"
},
{
"db": "ZDI",
"id": "ZDI-14-256"
},
{
"db": "ZDI",
"id": "ZDI-14-248"
},
{
"db": "ZDI",
"id": "ZDI-14-247"
},
{
"db": "ZDI",
"id": "ZDI-14-242"
},
{
"db": "ZDI",
"id": "ZDI-14-243"
},
{
"db": "ZDI",
"id": "ZDI-14-246"
},
{
"db": "ZDI",
"id": "ZDI-14-241"
},
{
"db": "ZDI",
"id": "ZDI-14-255"
},
{
"db": "ZDI",
"id": "ZDI-14-252"
},
{
"db": "ZDI",
"id": "ZDI-14-244"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
},
{
"db": "BID",
"id": "68714"
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1"
}
],
"trust": 10.35
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-2364",
"trust": 12.1
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-02",
"trust": 3.0
},
{
"db": "BID",
"id": "68714",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2014-04544",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201407-476",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "128384",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2045",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-244",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2062",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-252",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2066",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-255",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2032",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-241",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2065",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-246",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2044",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-243",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2063",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-253",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2043",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-242",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2068",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-247",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2069",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-248",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2067",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-256",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2064",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-254",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D7F00B0-463F-11E9-B5C5-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E485769A-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1"
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-244"
},
{
"db": "ZDI",
"id": "ZDI-14-252"
},
{
"db": "ZDI",
"id": "ZDI-14-255"
},
{
"db": "ZDI",
"id": "ZDI-14-241"
},
{
"db": "ZDI",
"id": "ZDI-14-246"
},
{
"db": "ZDI",
"id": "ZDI-14-243"
},
{
"db": "ZDI",
"id": "ZDI-14-253"
},
{
"db": "ZDI",
"id": "ZDI-14-242"
},
{
"db": "ZDI",
"id": "ZDI-14-247"
},
{
"db": "ZDI",
"id": "ZDI-14-248"
},
{
"db": "ZDI",
"id": "ZDI-14-256"
},
{
"db": "ZDI",
"id": "ZDI-14-254"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
},
{
"db": "BID",
"id": "68714"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
},
{
"db": "NVD",
"id": "CVE-2014-2364"
}
]
},
"id": "VAR-201407-0233",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1"
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
}
],
"trust": 1.43470696
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1"
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
}
]
},
"last_update_date": "2026-04-10T23:39:25.669000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 8.4,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02"
},
{
"title": "Downloads ::: WebAccess Software",
"trust": 0.8,
"url": "http://webaccess.advantech.com/downloads.php?item=software"
},
{
"title": "Advantech WebAccess",
"trust": 0.8,
"url": "http://webaccess.advantech.com/"
},
{
"title": "Advantech WebAccess patch for multiple ActiveX control buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47828"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-244"
},
{
"db": "ZDI",
"id": "ZDI-14-252"
},
{
"db": "ZDI",
"id": "ZDI-14-255"
},
{
"db": "ZDI",
"id": "ZDI-14-241"
},
{
"db": "ZDI",
"id": "ZDI-14-246"
},
{
"db": "ZDI",
"id": "ZDI-14-243"
},
{
"db": "ZDI",
"id": "ZDI-14-253"
},
{
"db": "ZDI",
"id": "ZDI-14-242"
},
{
"db": "ZDI",
"id": "ZDI-14-247"
},
{
"db": "ZDI",
"id": "ZDI-14-248"
},
{
"db": "ZDI",
"id": "ZDI-14-256"
},
{
"db": "ZDI",
"id": "ZDI-14-254"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
},
{
"db": "NVD",
"id": "CVE-2014-2364"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 11.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-198-02"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/128384/advantech-webaccess-dvs.ocx-getcolor-buffer-overflow.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/68714"
},
{
"trust": 1.0,
"url": "http://webaccess.advantech.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2364"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2364"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-244"
},
{
"db": "ZDI",
"id": "ZDI-14-252"
},
{
"db": "ZDI",
"id": "ZDI-14-255"
},
{
"db": "ZDI",
"id": "ZDI-14-241"
},
{
"db": "ZDI",
"id": "ZDI-14-246"
},
{
"db": "ZDI",
"id": "ZDI-14-243"
},
{
"db": "ZDI",
"id": "ZDI-14-253"
},
{
"db": "ZDI",
"id": "ZDI-14-242"
},
{
"db": "ZDI",
"id": "ZDI-14-247"
},
{
"db": "ZDI",
"id": "ZDI-14-248"
},
{
"db": "ZDI",
"id": "ZDI-14-256"
},
{
"db": "ZDI",
"id": "ZDI-14-254"
},
{
"db": "CNVD",
"id": "CNVD-2014-04544"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
},
{
"db": "NVD",
"id": "CVE-2014-2364"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1",
"ident": null
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-244",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-252",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-255",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-241",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-246",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-243",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-253",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-242",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-247",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-248",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-256",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-254",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-04544",
"ident": null
},
{
"db": "BID",
"id": "68714",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201407-476",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003487",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-2364",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-07-24T00:00:00",
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1",
"ident": null
},
{
"date": "2014-07-24T00:00:00",
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-244",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-252",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-255",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-241",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-246",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-243",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-253",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-242",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-247",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-248",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-256",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-254",
"ident": null
},
{
"date": "2014-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04544",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "BID",
"id": "68714",
"ident": null
},
{
"date": "2014-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-476",
"ident": null
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003487",
"ident": null
},
{
"date": "2014-07-19T05:09:27.563000",
"db": "NVD",
"id": "CVE-2014-2364",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-244",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-252",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-255",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-241",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-246",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-243",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-253",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-242",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-247",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-248",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-256",
"ident": null
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-254",
"ident": null
},
{
"date": "2014-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04544",
"ident": null
},
{
"date": "2014-09-25T00:03:00",
"db": "BID",
"id": "68714",
"ident": null
},
{
"date": "2014-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-476",
"ident": null
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003487",
"ident": null
},
{
"date": "2025-10-06T18:15:47.890000",
"db": "NVD",
"id": "CVE-2014-2364",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-476"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003487"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1"
},
{
"db": "IVD",
"id": "e485769a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-476"
}
],
"trust": 1.0
}
}
VAR-201906-1029
Vulnerability from variot - Updated: 2026-04-10 23:38In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. WebAccess/SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess",
"scope": null,
"trust": 9.1,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess",
"scope": "lte",
"trust": 1.8,
"vendor": "advantech",
"version": "8.3.5"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=8.3.5"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.3.5"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.3.4"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.3.2"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.3"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.1"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8.0"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "7.2"
},
{
"_id": null,
"model": "webaccess/scada",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "8.4.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07"
},
{
"db": "ZDI",
"id": "ZDI-19-599"
},
{
"db": "ZDI",
"id": "ZDI-19-613"
},
{
"db": "ZDI",
"id": "ZDI-19-610"
},
{
"db": "ZDI",
"id": "ZDI-19-616"
},
{
"db": "ZDI",
"id": "ZDI-19-595"
},
{
"db": "ZDI",
"id": "ZDI-19-611"
},
{
"db": "ZDI",
"id": "ZDI-19-612"
},
{
"db": "ZDI",
"id": "ZDI-19-602"
},
{
"db": "ZDI",
"id": "ZDI-19-603"
},
{
"db": "ZDI",
"id": "ZDI-19-617"
},
{
"db": "ZDI",
"id": "ZDI-19-615"
},
{
"db": "ZDI",
"id": "ZDI-19-607"
},
{
"db": "ZDI",
"id": "ZDI-19-623"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
},
{
"db": "BID",
"id": "108923"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
},
{
"db": "NVD",
"id": "CVE-2019-10993"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:webaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
}
]
},
"credits": {
"_id": null,
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-599"
},
{
"db": "ZDI",
"id": "ZDI-19-613"
},
{
"db": "ZDI",
"id": "ZDI-19-610"
},
{
"db": "ZDI",
"id": "ZDI-19-616"
},
{
"db": "ZDI",
"id": "ZDI-19-595"
},
{
"db": "ZDI",
"id": "ZDI-19-611"
},
{
"db": "ZDI",
"id": "ZDI-19-612"
},
{
"db": "ZDI",
"id": "ZDI-19-602"
},
{
"db": "ZDI",
"id": "ZDI-19-603"
},
{
"db": "ZDI",
"id": "ZDI-19-617"
},
{
"db": "ZDI",
"id": "ZDI-19-615"
},
{
"db": "ZDI",
"id": "ZDI-19-607"
}
],
"trust": 8.4
},
"cve": "CVE-2019-10993",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10993",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-32473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10993",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 9.1,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10993",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10993",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-10993",
"trust": 9.1,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10993",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-10993",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-32473",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1077",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07"
},
{
"db": "ZDI",
"id": "ZDI-19-599"
},
{
"db": "ZDI",
"id": "ZDI-19-613"
},
{
"db": "ZDI",
"id": "ZDI-19-610"
},
{
"db": "ZDI",
"id": "ZDI-19-616"
},
{
"db": "ZDI",
"id": "ZDI-19-595"
},
{
"db": "ZDI",
"id": "ZDI-19-611"
},
{
"db": "ZDI",
"id": "ZDI-19-612"
},
{
"db": "ZDI",
"id": "ZDI-19-602"
},
{
"db": "ZDI",
"id": "ZDI-19-603"
},
{
"db": "ZDI",
"id": "ZDI-19-617"
},
{
"db": "ZDI",
"id": "ZDI-19-615"
},
{
"db": "ZDI",
"id": "ZDI-19-607"
},
{
"db": "ZDI",
"id": "ZDI-19-623"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
},
{
"db": "NVD",
"id": "CVE-2019-10993"
}
]
},
"description": {
"_id": null,
"data": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. WebAccess/SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. Multiple heap-based buffer-overflow vulnerabilities\n4. An information disclosure vulnerability\n5. Multiple remote-code execution vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (\u00e2??../\u00e2??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. \nAdvantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10993"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
},
{
"db": "ZDI",
"id": "ZDI-19-602"
},
{
"db": "ZDI",
"id": "ZDI-19-623"
},
{
"db": "ZDI",
"id": "ZDI-19-607"
},
{
"db": "ZDI",
"id": "ZDI-19-615"
},
{
"db": "ZDI",
"id": "ZDI-19-617"
},
{
"db": "ZDI",
"id": "ZDI-19-599"
},
{
"db": "ZDI",
"id": "ZDI-19-603"
},
{
"db": "ZDI",
"id": "ZDI-19-612"
},
{
"db": "ZDI",
"id": "ZDI-19-611"
},
{
"db": "ZDI",
"id": "ZDI-19-595"
},
{
"db": "ZDI",
"id": "ZDI-19-616"
},
{
"db": "ZDI",
"id": "ZDI-19-610"
},
{
"db": "ZDI",
"id": "ZDI-19-613"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
},
{
"db": "BID",
"id": "108923"
},
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07"
}
],
"trust": 10.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-10993",
"trust": 12.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-05",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-19-613",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-616",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-611",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-612",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-602",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-603",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-617",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-615",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-607",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-623",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-618",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-19-606",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-19-614",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-19-597",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-19-605",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-19-601",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-19-598",
"trust": 1.6
},
{
"db": "BID",
"id": "108923",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-32473",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1077",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8129",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-599",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8146",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8143",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-610",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8150",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8118",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-595",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8144",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8145",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8135",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8136",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8151",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8148",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8140",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8119",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2350",
"trust": 0.6
},
{
"db": "IVD",
"id": "D5DCD84F-1ACA-4DC3-AC16-D5C7C3DD4D07",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07"
},
{
"db": "ZDI",
"id": "ZDI-19-599"
},
{
"db": "ZDI",
"id": "ZDI-19-613"
},
{
"db": "ZDI",
"id": "ZDI-19-610"
},
{
"db": "ZDI",
"id": "ZDI-19-616"
},
{
"db": "ZDI",
"id": "ZDI-19-595"
},
{
"db": "ZDI",
"id": "ZDI-19-611"
},
{
"db": "ZDI",
"id": "ZDI-19-612"
},
{
"db": "ZDI",
"id": "ZDI-19-602"
},
{
"db": "ZDI",
"id": "ZDI-19-603"
},
{
"db": "ZDI",
"id": "ZDI-19-617"
},
{
"db": "ZDI",
"id": "ZDI-19-615"
},
{
"db": "ZDI",
"id": "ZDI-19-607"
},
{
"db": "ZDI",
"id": "ZDI-19-623"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
},
{
"db": "BID",
"id": "108923"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
},
{
"db": "NVD",
"id": "CVE-2019-10993"
}
]
},
"id": "VAR-201906-1029",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
}
],
"trust": 1.34667458
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
}
]
},
"last_update_date": "2026-04-10T23:38:39.157000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 9.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05"
},
{
"title": "Advantech WebAccess",
"trust": 0.8,
"url": "https://www.advantech.co.jp/industrial-automation/webaccess"
},
{
"title": "Patch for Advantech WebAccess/SCADA arbitrary code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/181487"
},
{
"title": "Advantech WebAccess/SCADA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94180"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-599"
},
{
"db": "ZDI",
"id": "ZDI-19-613"
},
{
"db": "ZDI",
"id": "ZDI-19-610"
},
{
"db": "ZDI",
"id": "ZDI-19-616"
},
{
"db": "ZDI",
"id": "ZDI-19-595"
},
{
"db": "ZDI",
"id": "ZDI-19-611"
},
{
"db": "ZDI",
"id": "ZDI-19-612"
},
{
"db": "ZDI",
"id": "ZDI-19-602"
},
{
"db": "ZDI",
"id": "ZDI-19-603"
},
{
"db": "ZDI",
"id": "ZDI-19-617"
},
{
"db": "ZDI",
"id": "ZDI-19-615"
},
{
"db": "ZDI",
"id": "ZDI-19-607"
},
{
"db": "ZDI",
"id": "ZDI-19-623"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
},
{
"db": "NVD",
"id": "CVE-2019-10993"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 11.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-623/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10993"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-597/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-611/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-601/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-612/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-598/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-615/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-605/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-616/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-602/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-613/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-603/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-614/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-606/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-617/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-607/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-618/"
},
{
"trust": 0.9,
"url": "http://webaccess.advantech.com"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10993"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108923"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2350/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-599"
},
{
"db": "ZDI",
"id": "ZDI-19-613"
},
{
"db": "ZDI",
"id": "ZDI-19-610"
},
{
"db": "ZDI",
"id": "ZDI-19-616"
},
{
"db": "ZDI",
"id": "ZDI-19-595"
},
{
"db": "ZDI",
"id": "ZDI-19-611"
},
{
"db": "ZDI",
"id": "ZDI-19-612"
},
{
"db": "ZDI",
"id": "ZDI-19-602"
},
{
"db": "ZDI",
"id": "ZDI-19-603"
},
{
"db": "ZDI",
"id": "ZDI-19-617"
},
{
"db": "ZDI",
"id": "ZDI-19-615"
},
{
"db": "ZDI",
"id": "ZDI-19-607"
},
{
"db": "ZDI",
"id": "ZDI-19-623"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
},
{
"db": "BID",
"id": "108923"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812"
},
{
"db": "NVD",
"id": "CVE-2019-10993"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-599",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-613",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-610",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-616",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-595",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-611",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-612",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-602",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-603",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-617",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-615",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-607",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-623",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-32473",
"ident": null
},
{
"db": "BID",
"id": "108923",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1077",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005812",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-10993",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-09-21T00:00:00",
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-599",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-613",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-610",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-616",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-595",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-611",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-612",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-602",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-603",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-617",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-615",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-607",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-623",
"ident": null
},
{
"date": "2019-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-32473",
"ident": null
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108923",
"ident": null
},
{
"date": "2019-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1077",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005812",
"ident": null
},
{
"date": "2019-06-28T21:15:11.353000",
"db": "NVD",
"id": "CVE-2019-10993",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-599",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-613",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-610",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-616",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-595",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-611",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-612",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-602",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-603",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-617",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-615",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "ZDI",
"id": "ZDI-19-607",
"ident": null
},
{
"date": "2024-01-19T00:00:00",
"db": "ZDI",
"id": "ZDI-19-623",
"ident": null
},
{
"date": "2019-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-32473",
"ident": null
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108923",
"ident": null
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1077",
"ident": null
},
{
"date": "2019-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005812",
"ident": null
},
{
"date": "2024-11-21T04:20:18.740000",
"db": "NVD",
"id": "CVE-2019-10993",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1077"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WebAccess/SCADA Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07"
},
{
"db": "CNVD",
"id": "CNVD-2019-32473"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1077"
}
],
"trust": 0.6
}
}
VAR-202004-0077
Vulnerability from variot - Updated: 2026-04-10 23:38There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. WebAccess/NMS To SQL An injection vulnerability exists.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the getDeviceName method of the DBUtil class. When parsing the syslogs parameter of the emsSyslogs endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech WebAccess/NMS is a set of Web browser-based Network Management System (NMS) software package developed by China Taiwan Advantech Corporation
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "webaccess/nms",
"scope": null,
"trust": 11.2,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "webaccess\\/nms",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "3.0.2"
},
{
"_id": null,
"model": "webaccess/nms",
"scope": "eq",
"trust": 0.8,
"vendor": "advantech",
"version": "3.0.2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-374"
},
{
"db": "ZDI",
"id": "ZDI-20-412"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-375"
},
{
"db": "ZDI",
"id": "ZDI-20-443"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-377"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
},
{
"db": "NVD",
"id": "CVE-2020-10617"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:webaccess%2fnms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
}
]
},
"credits": {
"_id": null,
"data": "rgod of 9sg",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-374"
},
{
"db": "ZDI",
"id": "ZDI-20-412"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-375"
},
{
"db": "ZDI",
"id": "ZDI-20-443"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-377"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
}
],
"trust": 11.2
},
"cve": "CVE-2020-10617",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10617",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003801",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-163113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10617",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 11.2,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10617",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003801",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-10617",
"trust": 11.2,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10617",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003801",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-163113",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10617",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-374"
},
{
"db": "ZDI",
"id": "ZDI-20-412"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-375"
},
{
"db": "ZDI",
"id": "ZDI-20-443"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-377"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
},
{
"db": "VULHUB",
"id": "VHN-163113"
},
{
"db": "VULMON",
"id": "CVE-2020-10617"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
},
{
"db": "NVD",
"id": "CVE-2020-10617"
}
]
},
"description": {
"_id": null,
"data": "There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. WebAccess/NMS To SQL An injection vulnerability exists.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the getDeviceName method of the DBUtil class. When parsing the syslogs parameter of the emsSyslogs endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech WebAccess/NMS is a set of Web browser-based Network Management System (NMS) software package developed by China Taiwan Advantech Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10617"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
},
{
"db": "ZDI",
"id": "ZDI-20-375"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-377"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-374"
},
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-412"
},
{
"db": "ZDI",
"id": "ZDI-20-443"
},
{
"db": "VULHUB",
"id": "VHN-163113"
},
{
"db": "VULMON",
"id": "CVE-2020-10617"
}
],
"trust": 11.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10617",
"trust": 13.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-098-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9820",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-438",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9567",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-374",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9765",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-412",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9821",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-439",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9589",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-395",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9776",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-416",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9824",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-442",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9806",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-427",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9804",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-425",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9568",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-375",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9825",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-443",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9775",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-415",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9819",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-437",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9570",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-377",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9699",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-407",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9777",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-417",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-22316",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-397",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163113",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10617",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-374"
},
{
"db": "ZDI",
"id": "ZDI-20-412"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-375"
},
{
"db": "ZDI",
"id": "ZDI-20-443"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-377"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
},
{
"db": "VULHUB",
"id": "VHN-163113"
},
{
"db": "VULMON",
"id": "CVE-2020-10617"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
},
{
"db": "NVD",
"id": "CVE-2020-10617"
}
]
},
"id": "VAR-202004-0077",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163113"
}
],
"trust": 0.636888
},
"last_update_date": "2026-04-10T23:38:34.550000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 11.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.advantech.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-374"
},
{
"db": "ZDI",
"id": "ZDI-20-412"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-375"
},
{
"db": "ZDI",
"id": "ZDI-20-443"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-377"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163113"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
},
{
"db": "NVD",
"id": "CVE-2020-10617"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 13.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10617"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10617"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-374"
},
{
"db": "ZDI",
"id": "ZDI-20-412"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-375"
},
{
"db": "ZDI",
"id": "ZDI-20-443"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-377"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
},
{
"db": "VULHUB",
"id": "VHN-163113"
},
{
"db": "VULMON",
"id": "CVE-2020-10617"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801"
},
{
"db": "NVD",
"id": "CVE-2020-10617"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-438",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-374",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-412",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-439",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-395",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-416",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-442",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-427",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-425",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-375",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-443",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-415",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-437",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-377",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-407",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-417",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-163113",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-10617",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003801",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10617",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-438",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-374",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-412",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-439",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-395",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-416",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-442",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-427",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-425",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-375",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-443",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-415",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-437",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-377",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-407",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-417",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-163113",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10617",
"ident": null
},
{
"date": "2020-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003801",
"ident": null
},
{
"date": "2020-04-09T14:15:12.510000",
"db": "NVD",
"id": "CVE-2020-10617",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-438",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-374",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-412",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-439",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-395",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-416",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-442",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-427",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-425",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-375",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-443",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-415",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-437",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-377",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-407",
"ident": null
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-417",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-163113",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10617",
"ident": null
},
{
"date": "2020-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003801",
"ident": null
},
{
"date": "2024-11-21T04:55:42.477000",
"db": "NVD",
"id": "CVE-2020-10617",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-438"
},
{
"db": "ZDI",
"id": "ZDI-20-439"
},
{
"db": "ZDI",
"id": "ZDI-20-395"
},
{
"db": "ZDI",
"id": "ZDI-20-416"
},
{
"db": "ZDI",
"id": "ZDI-20-442"
},
{
"db": "ZDI",
"id": "ZDI-20-427"
},
{
"db": "ZDI",
"id": "ZDI-20-425"
},
{
"db": "ZDI",
"id": "ZDI-20-415"
},
{
"db": "ZDI",
"id": "ZDI-20-437"
},
{
"db": "ZDI",
"id": "ZDI-20-407"
},
{
"db": "ZDI",
"id": "ZDI-20-417"
}
],
"trust": 7.7
}
}
VAR-202007-0395
Vulnerability from variot - Updated: 2026-03-05 23:20Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "iview",
"scope": null,
"trust": 11.9,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "iview",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "5.6"
},
{
"_id": null,
"model": "iview",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"_id": null,
"model": "iview",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "5.6"
},
{
"_id": null,
"model": "iview",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=5.6"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-860"
},
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-869"
},
{
"db": "ZDI",
"id": "ZDI-20-862"
},
{
"db": "ZDI",
"id": "ZDI-20-843"
},
{
"db": "ZDI",
"id": "ZDI-20-868"
},
{
"db": "ZDI",
"id": "ZDI-20-828"
},
{
"db": "ZDI",
"id": "ZDI-20-835"
},
{
"db": "ZDI",
"id": "ZDI-20-842"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
},
{
"db": "ZDI",
"id": "ZDI-20-861"
},
{
"db": "ZDI",
"id": "ZDI-20-852"
},
{
"db": "ZDI",
"id": "ZDI-20-838"
},
{
"db": "ZDI",
"id": "ZDI-20-851"
},
{
"db": "ZDI",
"id": "ZDI-20-858"
},
{
"db": "ZDI",
"id": "ZDI-20-863"
},
{
"db": "ZDI",
"id": "ZDI-20-853"
},
{
"db": "CNVD",
"id": "CNVD-2020-42953"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131"
},
{
"db": "NVD",
"id": "CVE-2020-14497"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-860"
},
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-869"
},
{
"db": "ZDI",
"id": "ZDI-20-862"
},
{
"db": "ZDI",
"id": "ZDI-20-843"
},
{
"db": "ZDI",
"id": "ZDI-20-868"
},
{
"db": "ZDI",
"id": "ZDI-20-828"
},
{
"db": "ZDI",
"id": "ZDI-20-835"
},
{
"db": "ZDI",
"id": "ZDI-20-842"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
},
{
"db": "ZDI",
"id": "ZDI-20-861"
},
{
"db": "ZDI",
"id": "ZDI-20-852"
},
{
"db": "ZDI",
"id": "ZDI-20-838"
},
{
"db": "ZDI",
"id": "ZDI-20-851"
},
{
"db": "ZDI",
"id": "ZDI-20-858"
},
{
"db": "ZDI",
"id": "ZDI-20-863"
},
{
"db": "ZDI",
"id": "ZDI-20-853"
}
],
"trust": 11.9
},
"cve": "CVE-2020-14497",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-42953",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14497",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 7.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14497",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 4.2,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14497",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14497",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-14497",
"trust": 7.7,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2020-14497",
"trust": 4.2,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14497",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-14497",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-42953",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-860"
},
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-869"
},
{
"db": "ZDI",
"id": "ZDI-20-862"
},
{
"db": "ZDI",
"id": "ZDI-20-843"
},
{
"db": "ZDI",
"id": "ZDI-20-868"
},
{
"db": "ZDI",
"id": "ZDI-20-828"
},
{
"db": "ZDI",
"id": "ZDI-20-835"
},
{
"db": "ZDI",
"id": "ZDI-20-842"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
},
{
"db": "ZDI",
"id": "ZDI-20-861"
},
{
"db": "ZDI",
"id": "ZDI-20-852"
},
{
"db": "ZDI",
"id": "ZDI-20-838"
},
{
"db": "ZDI",
"id": "ZDI-20-851"
},
{
"db": "ZDI",
"id": "ZDI-20-858"
},
{
"db": "ZDI",
"id": "ZDI-20-863"
},
{
"db": "ZDI",
"id": "ZDI-20-853"
},
{
"db": "CNVD",
"id": "CNVD-2020-42953"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131"
},
{
"db": "NVD",
"id": "CVE-2020-14497"
}
]
},
"description": {
"_id": null,
"data": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14497"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131"
},
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-853"
},
{
"db": "ZDI",
"id": "ZDI-20-863"
},
{
"db": "ZDI",
"id": "ZDI-20-858"
},
{
"db": "ZDI",
"id": "ZDI-20-851"
},
{
"db": "ZDI",
"id": "ZDI-20-838"
},
{
"db": "ZDI",
"id": "ZDI-20-852"
},
{
"db": "ZDI",
"id": "ZDI-20-860"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
},
{
"db": "ZDI",
"id": "ZDI-20-842"
},
{
"db": "ZDI",
"id": "ZDI-20-835"
},
{
"db": "ZDI",
"id": "ZDI-20-828"
},
{
"db": "ZDI",
"id": "ZDI-20-868"
},
{
"db": "ZDI",
"id": "ZDI-20-843"
},
{
"db": "ZDI",
"id": "ZDI-20-862"
},
{
"db": "ZDI",
"id": "ZDI-20-869"
},
{
"db": "ZDI",
"id": "ZDI-20-861"
},
{
"db": "CNVD",
"id": "CNVD-2020-42953"
}
],
"trust": 12.87
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-14497",
"trust": 14.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-196-01",
"trust": 1.8
},
{
"db": "ZDI",
"id": "ZDI-20-860",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-848",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-869",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-862",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-843",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-868",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-828",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-835",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-842",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-832",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-861",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-852",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-838",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-851",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-858",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-863",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-853",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-836",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-847",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-849",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-846",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-864",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-866",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-833",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-839",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-854",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-865",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-837",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-850",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-857",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-844",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-827",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-856",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-855",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-845",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-20-830",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95694616",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10700",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10631",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10716",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10703",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10626",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10707",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10635",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10655",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10625",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10632",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10702",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10668",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10658",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10661",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10673",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10704",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10669",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-42953",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-860"
},
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-869"
},
{
"db": "ZDI",
"id": "ZDI-20-862"
},
{
"db": "ZDI",
"id": "ZDI-20-843"
},
{
"db": "ZDI",
"id": "ZDI-20-868"
},
{
"db": "ZDI",
"id": "ZDI-20-828"
},
{
"db": "ZDI",
"id": "ZDI-20-835"
},
{
"db": "ZDI",
"id": "ZDI-20-842"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
},
{
"db": "ZDI",
"id": "ZDI-20-861"
},
{
"db": "ZDI",
"id": "ZDI-20-852"
},
{
"db": "ZDI",
"id": "ZDI-20-838"
},
{
"db": "ZDI",
"id": "ZDI-20-851"
},
{
"db": "ZDI",
"id": "ZDI-20-858"
},
{
"db": "ZDI",
"id": "ZDI-20-863"
},
{
"db": "ZDI",
"id": "ZDI-20-853"
},
{
"db": "CNVD",
"id": "CNVD-2020-42953"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131"
},
{
"db": "NVD",
"id": "CVE-2020-14497"
}
]
},
"id": "VAR-202007-0395",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-42953"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-42953"
}
]
},
"last_update_date": "2026-03-05T23:20:59.360000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 11.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
},
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.advantech.co.jp/"
},
{
"title": "Patch for Advantech iView SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/227467"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-860"
},
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-869"
},
{
"db": "ZDI",
"id": "ZDI-20-862"
},
{
"db": "ZDI",
"id": "ZDI-20-843"
},
{
"db": "ZDI",
"id": "ZDI-20-868"
},
{
"db": "ZDI",
"id": "ZDI-20-828"
},
{
"db": "ZDI",
"id": "ZDI-20-835"
},
{
"db": "ZDI",
"id": "ZDI-20-842"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
},
{
"db": "ZDI",
"id": "ZDI-20-861"
},
{
"db": "ZDI",
"id": "ZDI-20-852"
},
{
"db": "ZDI",
"id": "ZDI-20-838"
},
{
"db": "ZDI",
"id": "ZDI-20-851"
},
{
"db": "ZDI",
"id": "ZDI-20-858"
},
{
"db": "ZDI",
"id": "ZDI-20-863"
},
{
"db": "ZDI",
"id": "ZDI-20-853"
},
{
"db": "CNVD",
"id": "CNVD-2020-42953"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008131"
},
{
"db": "NVD",
"id": "CVE-2020-14497"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 11.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
},
{
"trust": 1.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14497"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-835/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-837/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-861/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-851/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-849/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-863/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-855/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-862/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-832/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-868/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-828/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-845/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-847/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-865/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-844/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-827/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-836/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-842/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-858/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-830/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-869/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-846/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-850/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-854/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-843/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-838/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-856/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-860/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-864/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-833/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-866/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-839/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-857/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-853/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-852/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-848/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95694616/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-860"
},
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-869"
},
{
"db": "ZDI",
"id": "ZDI-20-862"
},
{
"db": "ZDI",
"id": "ZDI-20-843"
},
{
"db": "ZDI",
"id": "ZDI-20-868"
},
{
"db": "ZDI",
"id": "ZDI-20-828"
},
{
"db": "ZDI",
"id": "ZDI-20-835"
},
{
"db": "ZDI",
"id": "ZDI-20-842"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
},
{
"db": "ZDI",
"id": "ZDI-20-861"
},
{
"db": "ZDI",
"id": "ZDI-20-852"
},
{
"db": "ZDI",
"id": "ZDI-20-838"
},
{
"db": "ZDI",
"id": "ZDI-20-851"
},
{
"db": "ZDI",
"id": "ZDI-20-858"
},
{
"db": "ZDI",
"id": "ZDI-20-863"
},
{
"db": "ZDI",
"id": "ZDI-20-853"
},
{
"db": "CNVD",
"id": "CNVD-2020-42953"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131"
},
{
"db": "NVD",
"id": "CVE-2020-14497"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-860",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-848",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-869",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-862",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-843",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-868",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-828",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-835",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-842",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-832",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-861",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-852",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-838",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-851",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-858",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-863",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-853",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-42953",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008131",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-14497",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-860",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-848",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-869",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-862",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-843",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-868",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-828",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-835",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-842",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-832",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-861",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-852",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-838",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-851",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-858",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-863",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-853",
"ident": null
},
{
"date": "2020-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-42953",
"ident": null
},
{
"date": "2020-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008131",
"ident": null
},
{
"date": "2020-07-15T02:15:12.547000",
"db": "NVD",
"id": "CVE-2020-14497",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-860",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-848",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-869",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-862",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-843",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-868",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-828",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-835",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-842",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-832",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-861",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-852",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-838",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-851",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-858",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-863",
"ident": null
},
{
"date": "2020-07-16T00:00:00",
"db": "ZDI",
"id": "ZDI-20-853",
"ident": null
},
{
"date": "2020-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-42953",
"ident": null
},
{
"date": "2020-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008131",
"ident": null
},
{
"date": "2024-11-21T05:03:23.890000",
"db": "NVD",
"id": "CVE-2020-14497",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-848"
},
{
"db": "ZDI",
"id": "ZDI-20-832"
}
],
"trust": 1.4
}
}
VAR-202511-2201
Vulnerability from variot - Updated: 2025-12-20 23:46Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxStandaloneVpnClientsController.ajaxAction function's failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute unauthorized SQL commands and steal sensitive database data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-2201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess\\/vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "1.1.5"
},
{
"model": "webaccess/vpn",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.1.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
},
{
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"cve": "CVE-2025-34245",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-30963",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-34245",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-34245",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2025-34245",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-30963",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
},
{
"db": "NVD",
"id": "CVE-2025-34245"
},
{
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in\u00a0AjaxStandaloneVpnClientsController.ajaxAction()\u00a0that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech\u0027s WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. \n\nAdvantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxStandaloneVpnClientsController.ajaxAction function\u0027s failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute unauthorized SQL commands and steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34245"
},
{
"db": "CNVD",
"id": "CNVD-2025-30963"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-34245",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-30963",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
},
{
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"id": "VAR-202511-2201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
}
]
},
"last_update_date": "2025-12-20T23:46:54.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Advantech WebAccess/VPN AjaxStandaloneVpnClientsController.ajaxAction function SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/782986"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://icr.advantech.com/download/software"
},
{
"trust": 1.0,
"url": "https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-ajaxstandalonevpnclientscontroller"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-34245"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
},
{
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
},
{
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30963"
},
{
"date": "2025-11-06T20:15:48.717000",
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30963"
},
{
"date": "2025-11-28T17:02:55.473000",
"db": "NVD",
"id": "CVE-2025-34245"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN AjaxStandaloneVpnClientsController.ajaxAction function SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30963"
}
],
"trust": 0.6
}
}
VAR-202511-0753
Vulnerability from variot - Updated: 2025-12-20 23:46Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the fact that the AjaxFwRulesController.ajaxDeviceFwRulesAction function does not adequately validate the datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-0753",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess\\/vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "1.1.5"
},
{
"model": "webaccess/vpn",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.1.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
},
{
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"cve": "CVE-2025-34244",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-31067",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-34244",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-34244",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2025-34244",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-31067",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
},
{
"db": "NVD",
"id": "CVE-2025-34244"
},
{
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in\u00a0AjaxFwRulesController.ajaxDeviceFwRulesAction()\u00a0that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech\u0027s WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems. \n\nAdvantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the fact that the `AjaxFwRulesController.ajaxDeviceFwRulesAction` function does not adequately validate the datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34244"
},
{
"db": "CNVD",
"id": "CNVD-2025-31067"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-34244",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-31067",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
},
{
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"id": "VAR-202511-0753",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
}
]
},
"last_update_date": "2025-12-20T23:46:14.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/782961"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-ajaxfwruelscontroller-ajaxdevicefwrulesaction"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/download/software"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-34244"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
},
{
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
},
{
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-31067"
},
{
"date": "2025-11-06T20:15:48.560000",
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-31067"
},
{
"date": "2025-11-28T16:58:29.260000",
"db": "NVD",
"id": "CVE-2025-34244"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31067"
}
],
"trust": 0.6
}
}
VAR-202511-0613
Vulnerability from variot - Updated: 2025-12-20 23:41Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxNetworkController.ajaxAction function's failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-0613",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess\\/vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "1.1.5"
},
{
"model": "webaccess/vpn",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.1.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
},
{
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"cve": "CVE-2025-34242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-30961",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-34242",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-34242",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2025-34242",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-30961",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
},
{
"db": "NVD",
"id": "CVE-2025-34242"
},
{
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in\u00a0AjaxNetworkController.ajaxAction()\u00a0that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech\u0027s WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems. \n\nAdvantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxNetworkController.ajaxAction function\u0027s failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34242"
},
{
"db": "CNVD",
"id": "CNVD-2025-30961"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-34242",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-30961",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
},
{
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"id": "VAR-202511-0613",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
}
]
},
"last_update_date": "2025-12-20T23:41:43.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Advantech WebAccess/VPN AjaxNetworkController.ajaxAction function SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/782976"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-ajaxnetworkcontroller"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/download/software"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-34242"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
},
{
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
},
{
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30961"
},
{
"date": "2025-11-06T20:15:48.270000",
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30961"
},
{
"date": "2025-11-28T16:58:07.870000",
"db": "NVD",
"id": "CVE-2025-34242"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN AjaxNetworkController.ajaxAction function SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30961"
}
],
"trust": 0.6
}
}
VAR-202511-1878
Vulnerability from variot - Updated: 2025-12-20 23:40Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxDeviceController.ajaxDeviceAction function's failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-1878",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess\\/vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "1.1.5"
},
{
"model": "webaccess/vpn",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.1.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
},
{
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"cve": "CVE-2025-34241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-31066",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-34241",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-34241",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2025-34241",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-31066",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
},
{
"db": "NVD",
"id": "CVE-2025-34241"
},
{
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in\u00a0AjaxDeviceController.ajaxDeviceAction()\u00a0that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech\u0027s WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems. \n\nAdvantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxDeviceController.ajaxDeviceAction function\u0027s failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34241"
},
{
"db": "CNVD",
"id": "CNVD-2025-31066"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-34241",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-31066",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
},
{
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"id": "VAR-202511-1878",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
}
]
},
"last_update_date": "2025-12-20T23:40:19.042000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/782956"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-ajaxdevicecontroller-ajaxdeviceaction"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/download/software"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-34241"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
},
{
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
},
{
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-31066"
},
{
"date": "2025-11-06T20:15:48.100000",
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-31066"
},
{
"date": "2025-11-28T16:57:53.457000",
"db": "NVD",
"id": "CVE-2025-34241"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31066"
}
],
"trust": 0.6
}
}
VAR-202511-0924
Vulnerability from variot - Updated: 2025-12-20 23:37Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the lack of filtering of datatable search parameters in the AppManagementController.appUpgradeAction function. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-0924",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess\\/vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "1.1.5"
},
{
"model": "webaccess/vpn",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.1.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
},
{
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"cve": "CVE-2025-34240",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-30964",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-34240",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-34240",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2025-34240",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-30964",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
},
{
"db": "NVD",
"id": "CVE-2025-34240"
},
{
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in\u00a0AppManagementController.appUpgradeAction()\u00a0that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech\u0027s WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. \n\nAdvantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the lack of filtering of datatable search parameters in the AppManagementController.appUpgradeAction function. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34240"
},
{
"db": "CNVD",
"id": "CNVD-2025-30964"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-34240",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-30964",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
},
{
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"id": "VAR-202511-0924",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
}
]
},
"last_update_date": "2025-12-20T23:37:30.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Advantech WebAccess/VPN AppManagementController.appUpgradeAction function SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/782991"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-appmanagementcontroller-appupgradeaction"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/download/software"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-34240"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
},
{
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
},
{
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30964"
},
{
"date": "2025-11-06T20:15:47.937000",
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30964"
},
{
"date": "2025-11-28T16:57:36.657000",
"db": "NVD",
"id": "CVE-2025-34240"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN AppManagementController.appUpgradeAction function SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30964"
}
],
"trust": 0.6
}
}
VAR-202511-1363
Vulnerability from variot - Updated: 2025-12-20 23:37Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from improper handling of datatable search parameters in the AjaxFwRulesController.ajaxNetworkFwRulesAction function. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-1363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess\\/vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "1.1.5"
},
{
"model": "webaccess/vpn",
"scope": "lt",
"trust": 0.6,
"vendor": "advantech",
"version": "1.1.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
},
{
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"cve": "CVE-2025-34243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-31068",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-34243",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-34243",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2025-34243",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-31068",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
},
{
"db": "NVD",
"id": "CVE-2025-34243"
},
{
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in\u00a0AjaxFwRulesController.ajaxNetworkFwRulesAction()\u00a0that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech\u0027s WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. \n\nAdvantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from improper handling of datatable search parameters in the AjaxFwRulesController.ajaxNetworkFwRulesAction function. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34243"
},
{
"db": "CNVD",
"id": "CNVD-2025-31068"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-34243",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-31068",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
},
{
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"id": "VAR-202511-1363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
}
]
},
"last_update_date": "2025-12-20T23:37:30.171000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/782966"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-ajaxfwrulescontroller-ajaxnetworkfwrulesaction"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/download/software"
},
{
"trust": 1.0,
"url": "https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-34243"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
},
{
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
},
{
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-31068"
},
{
"date": "2025-11-06T20:15:48.410000",
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-31068"
},
{
"date": "2025-11-28T16:58:17.007000",
"db": "NVD",
"id": "CVE-2025-34243"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-31068"
}
],
"trust": 0.6
}
}