24 vulnerabilities found for webaccess by broadwin

VAR-201202-0218

Vulnerability from variot - Updated: 2024-02-13 22:31

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0218",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0238",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0238",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53519",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-0238",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0238",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-414",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53519",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-0238",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0238"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0238",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.5
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "19D8C7F0-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53519",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0238",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0238"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "id": "VAR-201202-0218",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53519"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      }
    ]
  },
  "last_update_date": "2024-02-13T22:31:46.275000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2012-0667)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10251"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0238"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0238"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0238"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0238"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-0238"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      },
      {
        "date": "2012-02-21T13:31:57.093000",
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0667"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53519"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-0238"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      },
      {
        "date": "2018-01-05T02:29:18.447000",
        "db": "NVD",
        "id": "CVE-2012-0238"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  opcImg.asp Vulnerable to stack-based buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001556"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-414"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0155

Vulnerability from variot - Updated: 2023-12-18 12:58

webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech/BroadWin SCADA WebAccess is prone to multiple remote vulnerabilities including an information-disclosure issue and a remote code-execution issue. Other attacks may also be possible. Advantech/BroadWin SCADA WebAccess 7.0 is vulnerable; other versions may also be affected.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0155",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": null,
        "trust": 1.4,
        "vendor": "broadwin",
        "version": null
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadwin",
        "version": "*"
      },
      {
        "model": "advantech/broadwin scada webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      },
      {
        "db": "BID",
        "id": "47008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadwin:webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruben Santamarta",
    "sources": [
      {
        "db": "BID",
        "id": "47008"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4041",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-4041",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "27c87c84-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4041",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-105",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "27c87c84-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4041",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) house arrest. Advantech/BroadWin SCADA WebAccess is prone to multiple remote vulnerabilities including an information-disclosure issue and a remote code-execution issue. Other attacks may also be possible. \nAdvantech/BroadWin SCADA WebAccess 7.0 is vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      },
      {
        "db": "BID",
        "id": "47008"
      },
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4041"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35495",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4041"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4041",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "47008",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-094-02A",
        "trust": 2.0
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-11-081-01",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-094-02B",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20110322 SCADA TROJANS: ATTACKING THE GRID + ADVANTECH VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "27C87C84-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "B1F17DD8-1F9A-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "35495",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4041",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4041"
      },
      {
        "db": "BID",
        "id": "47008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ]
  },
  "id": "VAR-201202-0155",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      }
    ],
    "trust": 1.5913359200000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:58:21.517000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.broadwin.com/products.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=72\u0026itemid=1"
      },
      {
        "trust": 2.0,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-094-02a.pdf"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/47008"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/517117"
      },
      {
        "trust": 1.7,
        "url": "http://www.reversemode.com/downloads/exploit_advantech.zip"
      },
      {
        "trust": 1.7,
        "url": "http://www.reversemode.com/downloads/scada_trojans_ruben_rootedcon.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-081-01.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-11-094-02b"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4041"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4041"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/517117"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/94.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/35495/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4041"
      },
      {
        "db": "BID",
        "id": "47008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4041"
      },
      {
        "db": "BID",
        "id": "47008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-07T00:00:00",
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-03-24T00:00:00",
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-03-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      },
      {
        "date": "2012-02-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4041"
      },
      {
        "date": "2011-03-23T00:00:00",
        "db": "BID",
        "id": "47008"
      },
      {
        "date": "2012-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "date": "2012-02-06T20:55:02.267000",
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "date": "2012-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-1203"
      },
      {
        "date": "2012-12-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4041"
      },
      {
        "date": "2014-01-09T02:01:00",
        "db": "BID",
        "id": "47008"
      },
      {
        "date": "2012-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      },
      {
        "date": "2012-12-11T04:27:10.967000",
        "db": "NVD",
        "id": "CVE-2011-4041"
      },
      {
        "date": "2012-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  webvrpcs.exe Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001325"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code injection",
    "sources": [
      {
        "db": "IVD",
        "id": "27c87c84-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "b1f17dd8-1f9a-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-105"
      }
    ],
    "trust": 1.0
  }
}

VAR-201202-0214

Vulnerability from variot - Updated: 2023-12-18 12:10

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.

TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0214",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0234",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0234",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "1a605f08-2354-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-53515",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0234",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-410",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "1a605f08-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53515",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0234",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1A605F08-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ]
  },
  "id": "VAR-201202-0214",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53515"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:15.040000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2012-0663)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10192"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0234"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0234"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:56.970000",
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0663"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53515"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      },
      {
        "date": "2018-01-05T02:29:18.180000",
        "db": "NVD",
        "id": "CVE-2012-0234"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001552"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "1a605f08-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-410"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0216

Vulnerability from variot - Updated: 2023-12-18 12:10

Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) software. Submitting a specially crafted URL to Advantech WebAccess allows users who have not authenticated to access restricted information. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible. Vulnerabilities exist in Advantech/BroadWin WebAccess 7.0 and earlier versions.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0216",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0236",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0236",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "1977818e-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-53517",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0236",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-412",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1977818e-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53517",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL.  NOTE: the vendor reportedly \"does not consider it to be a security risk.\". Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess submits a specially crafted URL that does not authenticate users with access to restricted information. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. Vulnerabilities exist in Advantech/BroadWin WebAccess 7.0 and earlier versions. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0236",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1977818E-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53517",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ]
  },
  "id": "VAR-201202-0216",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53517"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.380000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Information Disclosure Vulnerability (CNVD-2012-0665)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10231"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0236"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0236"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1977818e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.033000",
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0665"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53517"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      },
      {
        "date": "2018-01-05T02:29:18.350000",
        "db": "NVD",
        "id": "CVE-2012-0236"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001554"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-412"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0036

Vulnerability from variot - Updated: 2023-12-18 12:10

Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech specializes in network computing and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) software package. bwerrdn.asp in Advantech WebAccess does not filter its parameters, which allows cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.


TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0036",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4522",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-4522",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "1ac69822-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-52467",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4522",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-402",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1ac69822-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52467",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess bwerrdn.asp lacks filtering on parameters leading to cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4522",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1AC69822-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52467",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ]
  },
  "id": "VAR-201202-0036",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52467"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.148000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2012-0657)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10133"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4522"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4522"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1ac69822-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:55.937000",
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0657"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52467"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      },
      {
        "date": "2018-01-05T02:29:15.947000",
        "db": "NVD",
        "id": "CVE-2011-4522"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  bwview.asp Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001546"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-402"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0037

Vulnerability from variot - Updated: 2023-12-18 12:10

Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess bwview.asp lacks filtering on parameters, leading to cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.


TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0037",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4523",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-4523",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "1aba788a-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-52468",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4523",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-403",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1aba788a-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52468",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess bwview.asp lacks filtering on parameters leading to cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4523",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1ABA788A-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52468",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ]
  },
  "id": "VAR-201202-0037",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52468"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.997000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2012-0658)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10151"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4523"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4523"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1aba788a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:55.970000",
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0658"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52468"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      },
      {
        "date": "2018-01-05T02:29:16.007000",
        "db": "NVD",
        "id": "CVE-2011-4523"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  bwview.asp Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001547"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-403"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0035

Vulnerability from variot - Updated: 2023-12-18 12:10

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.


TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0035",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4521",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2011-4521",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "1a971d7c-2354-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-52466",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4521",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-401",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "1a971d7c-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52466",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4521",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4521"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4521",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.5
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401",
        "trust": 0.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1A971D7C-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52466",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4521"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ]
  },
  "id": "VAR-201202-0035",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52466"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.549000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2012-0656)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10132"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4521"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4521"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/89.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-12-047-01a"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4521"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4521"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4521"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:55.907000",
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0656"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52466"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4521"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      },
      {
        "date": "2018-01-05T02:29:15.897000",
        "db": "NVD",
        "id": "CVE-2011-4521"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001545"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "1a971d7c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-401"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0221

Vulnerability from variot - Updated: 2023-12-18 12:10

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.

TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0221",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0241",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-0241",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53522",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0241",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-417",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53522",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-53522",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0241",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "19BFB8B4-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18051",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17772",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-72054",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-53522",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ]
  },
  "id": "VAR-201202-0221",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.464000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Arbitrary Memory Corruption Vulnerability (CNVD-2012-0673)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10431"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73281"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0241"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0241"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.173000",
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0673"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53522"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      },
      {
        "date": "2018-01-05T02:29:18.633000",
        "db": "NVD",
        "id": "CVE-2012-0241"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Service disruption in  ( Memory corruption ) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001559"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-417"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0343

Vulnerability from variot - Updated: 2023-12-18 12:10

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. Advantech/BroadWin WebAccess contains a cross-site request forgery vulnerability. BroadWin SCADA WebAccess is web browser-based HMI and SCADA software for industrial control systems and automation.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0343",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech webaccess",
        "version": "*"
      },
      {
        "model": "advantech/broadwin",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "webaccess",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      }
    ]
  },
  "cve": "CVE-2012-1235",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-1235",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2012-9017",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "1a0e738c-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "7d789810-463f-11e9-88a7-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-54516",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-1235",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2012-9017",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-422",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1a0e738c-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d789810-463f-11e9-88a7-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-54516",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. Advantech/BroadWin WebAccess Contains a cross-site request forgery vulnerability. BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54516"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-1235",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017",
        "trust": 1.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "1A0E738C-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D789810-463F-11E9-88A7-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "4AD6FB9A-1F73-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-54516",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ]
  },
  "id": "VAR-201202-0343",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54516"
      }
    ],
    "trust": 2.01633592
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.720000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Advantech/BroadWin WebAccess cross-site request forgery vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/34072"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1235"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1235"
      },
      {
        "trust": 0.6,
        "url": "http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-1235"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-22T00:00:00",
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54516"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "date": "2012-02-21T13:31:57.330000",
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54516"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001564"
      },
      {
        "date": "2012-02-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2012-1235"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-422"
      }
    ],
    "trust": 1.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross Site Request Forgery",
    "sources": [
      {
        "db": "IVD",
        "id": "1a0e738c-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d789810-463f-11e9-88a7-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0222

Vulnerability from variot - Updated: 2023-12-18 12:10

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Advantech specializes in network computing and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.


TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0242",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0242",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "19a73622-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53523",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0242",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-418",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "19a73622-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53523",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53523"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-53523",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53523"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0242",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "19A73622-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17772",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-53523",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53523"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ]
  },
  "id": "VAR-201202-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53523"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.847000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Format String Vulnerability (CNVD-2012-0672)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10415"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-134",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0242"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0242"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53523"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53523"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53523"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.203000",
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0672"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53523"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "date": "2018-01-05T02:29:18.680000",
        "db": "NVD",
        "id": "CVE-2012-0242"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Format string vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001560"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string",
    "sources": [
      {
        "db": "IVD",
        "id": "19a73622-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-418"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0223

Vulnerability from variot - Updated: 2023-12-18 12:10

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0223",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0243",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0243",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "1a349328-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53524",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0243",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-419",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "1a349328-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53524",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). 
\n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0243",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1A349328-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ]
  },
  "id": "VAR-201202-0223",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53524"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.189000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0671)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10414"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0243"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0243"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.237000",
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0671"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53524"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      },
      {
        "date": "2018-01-05T02:29:18.727000",
        "db": "NVD",
        "id": "CVE-2012-0243"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  ActiveX Control buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001561"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "1a349328-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-419"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0038

Vulnerability from variot - Updated: 2023-12-18 12:10

Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0038",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4524",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2011-4524",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "19fc5e90-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-52469",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4524",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-404",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "19fc5e90-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52469",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4524",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "19FC5E90-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52469",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ]
  },
  "id": "VAR-201202-0038",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52469"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.680000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2012-0659)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10171"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4524"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4524"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:56",
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0659"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52469"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      },
      {
        "date": "2018-01-05T02:29:16.053000",
        "db": "NVD",
        "id": "CVE-2011-4524"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001548"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "19fc5e90-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-404"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0039

Vulnerability from variot - Updated: 2023-12-18 12:10

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. A security vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.

TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0039",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4525",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2011-4525",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "1a0232e8-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-52470",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4525",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-405",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "1a0232e8-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52470",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. A security vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4525",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1A0232E8-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52470",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ]
  },
  "id": "VAR-201202-0039",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52470"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.888000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess File Operation Vulnerability (CNVD-2012-0660)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10172"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4525"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4525"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1a0232e8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:56.033000",
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0660"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52470"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      },
      {
        "date": "2018-01-05T02:29:16.117000",
        "db": "NVD",
        "id": "CVE-2011-4525"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001549"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-405"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0224

Vulnerability from variot - Updated: 2023-12-18 12:10

Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0224",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0244",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0244",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "1a26fde4-2354-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-53525",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0244",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-420",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "1a26fde4-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53525",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0244",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1A26FDE4-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ]
  },
  "id": "VAR-201202-0224",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53525"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.765000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2012-0670)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10291"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0244"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0244"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.267000",
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0670"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53525"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      },
      {
        "date": "2018-01-05T02:29:18.787000",
        "db": "NVD",
        "id": "CVE-2012-0244"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001562"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "1a26fde4-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-420"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0215

Vulnerability from variot - Updated: 2023-12-18 12:10

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Advantech/BroadWin WebAccess contains a cross-site request forgery vulnerability. Authentication may be hijacked by a third party. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.

TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0215",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0235",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0235",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "197d942a-2354-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-53516",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0235",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-411",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "197d942a-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53516",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Advantech/BroadWin WebAccess Contains a cross-site request forgery vulnerability.Authentication may be hijacked by a third party. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0235",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "197D942A-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53516",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ]
  },
  "id": "VAR-201202-0215",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53516"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.506000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Cross-Site Request Forgery Vulnerability (CNVD-2012-0664)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10211"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0235"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0235"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "197d942a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57",
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0664"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53516"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      },
      {
        "date": "2018-01-05T02:29:18.303000",
        "db": "NVD",
        "id": "CVE-2012-0235"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001553"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-411"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0342

Vulnerability from variot - Updated: 2023-12-18 12:10

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0342",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "advantech/broadwin",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "webaccess",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      }
    ]
  },
  "cve": "CVE-2012-1234",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-1234",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2012-9018",
            "impactScore": 9.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "7d787100-463f-11e9-b84d-000c29342cb1",
            "impactScore": 9.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "1a20d46e-2354-11e6-abef-000c29c66e3d",
            "impactScore": 9.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-54515",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-1234",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2012-9018",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-421",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d787100-463f-11e9-b84d-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1a20d46e-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-54515",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54515"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-1234",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D787100-463F-11E9-B84D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "1A20D46E-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-54515",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ]
  },
  "id": "VAR-201202-0342",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54515"
      }
    ],
    "trust": 1.8163359200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.423000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Advantech/BroadWin WebAccess SQL Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/34073"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1234"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1234"
      },
      {
        "trust": 0.6,
        "url": "http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-1234"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-22T00:00:00",
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54515"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "date": "2012-02-21T13:31:57.297000",
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54515"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001563"
      },
      {
        "date": "2012-02-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2012-1234"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess SQL Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-9018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "7d787100-463f-11e9-b84d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "1a20d46e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-421"
      }
    ],
    "trust": 1.0
  }
}

VAR-201202-0213

Vulnerability from variot - Updated: 2023-12-18 12:10

Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.

TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0213",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0233",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-0233",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-53514",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0233",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-409",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53514",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0233",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1A6BE0A8-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53514",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ]
  },
  "id": "VAR-201202-0213",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53514"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.595000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.broadwin.com/products.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2012-0662)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10191"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0233"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0233"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:56.953000",
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0662"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53514"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      },
      {
        "date": "2018-01-05T02:29:18.117000",
        "db": "NVD",
        "id": "CVE-2012-0233"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001551"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-409"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0219

Vulnerability from variot - Updated: 2023-12-18 12:10

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. uaddUpAdmin.asp in Advantech/BroadWin WebAccess contains a vulnerability where the administrator password can be changed due to improper authentication. A third party may change the administrator password via a password change request. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0219",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0239",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-0239",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "19d2ce68-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53520",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0239",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-415",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "19d2ce68-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53520",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. Advantech/BroadWin WebAccess of uaddUpAdmin.asp Contains a vulnerability where the administrator password can be changed due to improper authentication.A third party may change the administrator password via a password change request. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0239",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "19D2CE68-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53520",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ]
  },
  "id": "VAR-201202-0219",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53520"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.638000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0668)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10252"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0239"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0239"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "19d2ce68-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.127000",
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0668"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53520"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      },
      {
        "date": "2018-01-05T02:29:18.507000",
        "db": "NVD",
        "id": "CVE-2012-0239"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  uaddUpAdmin.asp Vulnerabilities in changing administrator passwords",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001557"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-415"
      }
    ],
    "trust": 0.6
  }
}

VAR-201202-0217

Vulnerability from variot - Updated: 2023-12-18 12:10

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.


TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07

DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0217",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0237",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-0237",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53518",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0237",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-413",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53518",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0237",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "19E4D7F2-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53518",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ]
  },
  "id": "VAR-201202-0217",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53518"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.806000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0666)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10232"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0237"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0237"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.063000",
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0666"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53518"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      },
      {
        "date": "2018-01-05T02:29:18.397000",
        "db": "NVD",
        "id": "CVE-2012-0237"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess Vulnerabilities that change the date and time synchronization settings",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001555"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-413"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0040

Vulnerability from variot - Updated: 2023-12-18 12:10

Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech specializes in network computing and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0040",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4526",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-4526",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "1a485340-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-52471",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4526",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-406",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "1a485340-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52471",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. 
Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4526",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "1A485340-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52471",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ]
  },
  "id": "VAR-201202-0040",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52471"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.339000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2012-0661)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10173"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4526"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4526"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:56.063000",
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0661"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52471"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      },
      {
        "date": "2018-01-05T02:29:16.163000",
        "db": "NVD",
        "id": "CVE-2011-4526"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  ActiveX Control buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001550"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "1a485340-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-406"
      }
    ],
    "trust": 0.8
  }
}

VAR-201202-0220

Vulnerability from variot - Updated: 2023-12-18 12:10

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary code, gain access to sensitive information, or cause a denial-of-service condition. Other attacks are possible.



TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46775

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

RELEASE DATE: 2011-11-07


DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.

The vulnerability is reported in the following components:
* Advantech ADAM OPC Server versions prior to V3.01.012.
* Advantech Modbus RTU OPC Server versions prior to V3.01.010.
* Advantech Modbus TCP OPC Server versions prior to V3.01.010.

SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).

ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0220",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": "broadwin webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "broadwin",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "7.0"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "advantech webaccess",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).",
    "sources": [
      {
        "db": "BID",
        "id": "52051"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0240",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-0240",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "19cc98cc-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53521",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0240",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-416",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "19cc98cc-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53521",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or  exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition.  Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0240",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "52051",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-047-01A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-279-01",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "19CC98CC-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "46775",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-53521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ]
  },
  "id": "VAR-201202-0220",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53521"
      }
    ],
    "trust": 1.550159445
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:14.230000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/products/webaccess-hmi-scada-software/sub_gf-1m94v.aspx"
      },
      {
        "title": "WebAccess",
        "trust": 0.8,
        "url": "http://www.broadwin.com/features.htm"
      },
      {
        "title": "Offices Distributors",
        "trust": 0.8,
        "url": "http://www.broadwin.com/offices.htm"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/support-ajp/distributors.asp"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0669)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/10271"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0240"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0240"
      },
      {
        "trust": 0.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://webaccess.advantech.com/product.php"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46775/#comments"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "db": "BID",
        "id": "52051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "IVD",
        "id": "19cc98cc-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "date": "2012-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "date": "2011-11-09T12:04:37",
        "db": "PACKETSTORM",
        "id": "106765"
      },
      {
        "date": "2012-02-21T13:31:57.157000",
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0669"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53521"
      },
      {
        "date": "2012-02-16T00:00:00",
        "db": "BID",
        "id": "52051"
      },
      {
        "date": "2012-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      },
      {
        "date": "2018-01-05T02:29:18.570000",
        "db": "NVD",
        "id": "CVE-2012-0240"
      },
      {
        "date": "2012-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech/BroadWin WebAccess of  GbScriptAddUp.asp Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001558"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-416"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2011-4041

Vulnerability from fkie_nvd - Published: 2012-02-06 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
Impacted products
Vendor Product Version
broadwin webaccess *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadwin:webaccess:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B282CE1A-956F-4ACB-95F2-1FEE7C492EE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592."
    },
    {
      "lang": "es",
      "value": "webvrpcs.exe en Advantech/Broadwin WebAccess permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n u obtener un c\u00f3digo de seguridad a trav\u00e9s de una cadena larga en una petici\u00f3n RPC al puerto TCP 4592."
    }
  ],
  "id": "CVE-2011-4041",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-02-06T20:55:02.267",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=72\u0026Itemid=1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.reversemode.com/downloads/exploit_advantech.zip"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/archive/1/517117"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/47008"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=72\u0026Itemid=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.reversemode.com/downloads/exploit_advantech.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/517117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/47008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-4041 (GCVE-0-2011-4041)

Vulnerability from cvelistv5 – Published: 2012-02-06 20:00 – Updated: 2024-08-06 23:53
VLAI?
Summary
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=72\u0026Itemid=1"
          },
          {
            "name": "47008",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47008"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.reversemode.com/downloads/exploit_advantech.zip"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf"
          },
          {
            "name": "20110322 SCADA Trojans: Attacking the Grid + Advantech vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/517117"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-12-11T10:00:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=72\u0026Itemid=1"
        },
        {
          "name": "47008",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47008"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.reversemode.com/downloads/exploit_advantech.zip"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf"
        },
        {
          "name": "20110322 SCADA Trojans: Attacking the Grid + Advantech vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/517117"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2011-4041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=72\u0026Itemid=1",
              "refsource": "MISC",
              "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=72\u0026Itemid=1"
            },
            {
              "name": "47008",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47008"
            },
            {
              "name": "http://www.reversemode.com/downloads/exploit_advantech.zip",
              "refsource": "MISC",
              "url": "http://www.reversemode.com/downloads/exploit_advantech.zip"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf"
            },
            {
              "name": "20110322 SCADA Trojans: Attacking the Grid + Advantech vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/517117"
            },
            {
              "name": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf",
              "refsource": "MISC",
              "url": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2011-4041",
    "datePublished": "2012-02-06T20:00:00",
    "dateReserved": "2011-10-13T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4041 (GCVE-0-2011-4041)

Vulnerability from nvd – Published: 2012-02-06 20:00 – Updated: 2024-08-06 23:53
Summary
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
Severity
No CVSS data available.
CWE
  • n/a
