Search criteria
4 vulnerabilities found for webop by advantech
VAR-201710-1110
Vulnerability from variot - Updated: 2023-12-18 13:14A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. Advantech WebOP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebOP Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a pm3 project file. Advantech WebOP is an operator panel product. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebOP is an integrated human-machine interface development tool developed by Advantech. The product has functions such as data transmission, menu editing and text editing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1110",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webop",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": null
},
{
"model": "webop designer",
"scope": null,
"trust": 1.3,
"vendor": "advantech",
"version": null
},
{
"model": "webop",
"scope": null,
"trust": 0.8,
"vendor": "advantech",
"version": null
},
{
"model": "webop designer",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webop",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "ZDI",
"id": "ZDI-17-452"
},
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "BID",
"id": "99476"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:webop:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12705"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya).",
"sources": [
{
"db": "BID",
"id": "99476"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12705",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12705",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-12705",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22809",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-103254",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12705",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12705",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-12705",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-22809",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1072",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-103254",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "ZDI",
"id": "ZDI-17-452"
},
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "VULHUB",
"id": "VHN-103254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. Advantech WebOP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebOP Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a pm3 project file. Advantech WebOP is an operator panel product. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebOP is an integrated human-machine interface development tool developed by Advantech. The product has functions such as data transmission, menu editing and text editing",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "ZDI",
"id": "ZDI-17-452"
},
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "BID",
"id": "99476"
},
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "VULHUB",
"id": "VHN-103254"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12705",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-17-227-01",
"trust": 2.8
},
{
"db": "BID",
"id": "99476",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-17-452",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22809",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3703",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "37428",
"trust": 0.6
},
{
"db": "IVD",
"id": "C2851008-216A-499A-BA91-1D6A0CFC5485",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103254",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "ZDI",
"id": "ZDI-17-452"
},
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "VULHUB",
"id": "VHN-103254"
},
{
"db": "BID",
"id": "99476"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
]
},
"id": "VAR-201710-1110",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "VULHUB",
"id": "VHN-103254"
}
],
"trust": 1.5666666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22809"
}
]
},
"last_update_date": "2023-12-18T13:14:06.757000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WebOP",
"trust": 0.8,
"url": "http://www.advantech.in/products/search/?q=webop"
},
{
"title": "Patch for Advantech WebOP Designer heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100828"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "NVD",
"id": "CVE-2017-12705"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-227-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/99476"
},
{
"trust": 0.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-452/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12705"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12705"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37428"
},
{
"trust": 0.3,
"url": "http://www.advantech.in/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "VULHUB",
"id": "VHN-103254"
},
{
"db": "BID",
"id": "99476"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "ZDI",
"id": "ZDI-17-452"
},
{
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"db": "VULHUB",
"id": "VHN-103254"
},
{
"db": "BID",
"id": "99476"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"date": "2017-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-17-452"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"date": "2017-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-103254"
},
{
"date": "2017-07-05T00:00:00",
"db": "BID",
"id": "99476"
},
{
"date": "2017-11-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"date": "2017-10-25T07:29:00.227000",
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-17-452"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22809"
},
{
"date": "2017-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-103254"
},
{
"date": "2017-08-16T11:10:00",
"db": "BID",
"id": "99476"
},
{
"date": "2017-11-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"date": "2017-11-14T15:08:54.063000",
"db": "NVD",
"id": "CVE-2017-12705"
},
{
"date": "2017-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebOP Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009636"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1072"
}
],
"trust": 0.8
}
}
FKIE_CVE-2017-12705
Vulnerability from fkie_nvd - Published: 2017-10-25 07:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99476 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99476 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:webop:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F492C0B4-54CC-40BE-A367-1FD87DC51598",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de desbordamiento de b\u00c3\u00bafer basado en memoria din\u00c3\u00a1mica (heap) en Advantech WebOP. Un archivo de proyecto manipulado con fines maliciosos puede desencadenar un desbordamiento de b\u00c3\u00bafer basado en memoria din\u00c3\u00a1mica (heap), lo que puede provocar el cierre inesperado del proceso y permitir que un atacante ejecute c\u00c3\u00b3digo arbitrario."
}
],
"id": "CVE-2017-12705",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-25T07:29:00.227",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99476"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-12705 (GCVE-0-2017-12705)
Vulnerability from cvelistv5 – Published: 2017-10-25 07:00 – Updated: 2024-08-05 18:43
VLAI?
Summary
A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- heap-based buffer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Advantech WebOP |
Affected:
Advantech WebOP
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99476"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebOP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Advantech WebOP"
}
]
}
],
"datePublic": "2017-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "99476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99476"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebOP",
"version": {
"version_data": [
{
"version_value": "Advantech WebOP"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99476"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-12705",
"datePublished": "2017-10-25T07:00:00",
"dateReserved": "2017-08-09T00:00:00",
"dateUpdated": "2024-08-05T18:43:56.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12705 (GCVE-0-2017-12705)
Vulnerability from nvd – Published: 2017-10-25 07:00 – Updated: 2024-08-05 18:43
VLAI?
Summary
A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- heap-based buffer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Advantech WebOP |
Affected:
Advantech WebOP
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99476"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebOP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Advantech WebOP"
}
]
}
],
"datePublic": "2017-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "99476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99476"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebOP",
"version": {
"version_data": [
{
"version_value": "Advantech WebOP"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99476"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-12705",
"datePublished": "2017-10-25T07:00:00",
"dateReserved": "2017-08-09T00:00:00",
"dateUpdated": "2024-08-05T18:43:56.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}