cvelistv5 - cve-2017-12705

CVE-2017-12705 (GCVE-0-2017-12705)

Vulnerability from cvelistv5 – Published: 2017-10-25 07:00 – Updated: 2024-08-05 18:43

Summary

Severity ?

No CVSS data available.

CWE

heap-based buffer overflow

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Advantech WebOP	Affected: Advantech WebOP

GSD-2017-12705

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12705

Aliases

CVE-2017-12705

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12705",
    "description": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.",
    "id": "GSD-2017-12705"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12705"
      ],
      "details": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.",
      "id": "GSD-2017-12705",
      "modified": "2023-12-13T01:21:03.754628Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-12705",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Advantech WebOP",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Advantech WebOP"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "heap-based buffer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99476",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99476"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:webop:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-12705"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource",
                "VDB Entry"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
            },
            {
              "name": "99476",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99476"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-11-14T15:08Z",
      "publishedDate": "2017-10-25T07:29Z"
    }
  }
}

VAR-201710-1110

Vulnerability from variot - Updated: 2023-12-18 13:14

A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. Advantech WebOP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebOP Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a pm3 project file. Advantech WebOP is an operator panel product. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebOP is an integrated human-machine interface development tool developed by Advantech. The product has functions such as data transmission, menu editing and text editing

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1110",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "webop designer",
        "scope": null,
        "trust": 1.3,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "webop",
        "scope": null,
        "trust": 0.8,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "webop designer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "advantech",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "webop",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-452"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "BID",
        "id": "99476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:webop:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ariele Caltabiano (kimiya).",
    "sources": [
      {
        "db": "BID",
        "id": "99476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-12705",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-12705",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-12705",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-22809",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "c2851008-216a-499a-ba91-1d6a0cfc5485",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-103254",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-12705",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12705",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-12705",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22809",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1072",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "c2851008-216a-499a-ba91-1d6a0cfc5485",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-103254",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-452"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. Advantech WebOP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebOP Designer.   User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a pm3 project file. Advantech WebOP is an operator panel product. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebOP is an integrated human-machine interface development tool developed by Advantech. The product has functions such as data transmission, menu editing and text editing",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-452"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "BID",
        "id": "99476"
      },
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103254"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12705",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-227-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "99476",
        "trust": 2.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-452",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3703",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37428",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "C2851008-216A-499A-BA91-1D6A0CFC5485",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-103254",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-452"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103254"
      },
      {
        "db": "BID",
        "id": "99476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ]
  },
  "id": "VAR-201710-1110",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103254"
      }
    ],
    "trust": 1.5666666999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:06.757000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WebOP",
        "trust": 0.8,
        "url": "http://www.advantech.in/products/search/?q=webop"
      },
      {
        "title": "Patch for Advantech WebOP Designer heap buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100828"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-103254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-227-01"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/99476"
      },
      {
        "trust": 0.9,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-452/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12705"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12705"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37428"
      },
      {
        "trust": 0.3,
        "url": "http://www.advantech.in/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103254"
      },
      {
        "db": "BID",
        "id": "99476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-452"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103254"
      },
      {
        "db": "BID",
        "id": "99476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "date": "2017-08-15T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-452"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "date": "2017-10-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103254"
      },
      {
        "date": "2017-07-05T00:00:00",
        "db": "BID",
        "id": "99476"
      },
      {
        "date": "2017-11-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "date": "2017-10-25T07:29:00.227000",
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "date": "2017-07-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-15T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-452"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22809"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103254"
      },
      {
        "date": "2017-08-16T11:10:00",
        "db": "BID",
        "id": "99476"
      },
      {
        "date": "2017-11-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "date": "2017-11-14T15:08:54.063000",
        "db": "NVD",
        "id": "CVE-2017-12705"
      },
      {
        "date": "2017-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech WebOP Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "c2851008-216a-499a-ba91-1d6a0cfc5485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1072"
      }
    ],
    "trust": 0.8
  }
}

FKIE_CVE-2017-12705

Vulnerability from fkie_nvd - Published: 2017-10-25 07:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/99476	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01	Issue Tracking, Mitigation, Third Party Advisory, US Government Resource, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99476	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01	Issue Tracking, Mitigation, Third Party Advisory, US Government Resource, VDB Entry

Impacted products

	Vendor	Product	Version
	advantech	webop	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:advantech:webop:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F492C0B4-54CC-40BE-A367-1FD87DC51598",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de desbordamiento de b\u00c3\u00bafer basado en memoria din\u00c3\u00a1mica (heap) en Advantech WebOP. Un archivo de proyecto manipulado con fines maliciosos puede desencadenar un desbordamiento de b\u00c3\u00bafer basado en memoria din\u00c3\u00a1mica (heap), lo que puede provocar el cierre inesperado del proceso y permitir que un atacante ejecute c\u00c3\u00b3digo arbitrario."
    }
  ],
  "id": "CVE-2017-12705",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-25T07:29:00.227",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99476"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-22809

Vulnerability from cnvd - Published: 2017-08-25

Title

Advantech WebOP Designer堆缓冲区溢出漏洞

Description

Advantech WebOP是操作面板产品。 Advantech WebOP Designer存在堆缓冲区溢出漏洞，允许远程攻击者利用漏洞提交特殊的请求，使应用程序崩溃或执行任意代码。

Severity

中

Patch Name

Advantech WebOP Designer堆缓冲区溢出漏洞的补丁

Patch Description

Advantech WebOP是操作面板产品。 Advantech WebOP Designer存在堆缓冲区溢出漏洞，允许远程攻击者利用漏洞提交特殊的请求，使应用程序崩溃或执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://www.zerodayinitiative.com/advisories/ZDI-17-452/

Reference

http://www.securityfocus.com/bid/99476 http://www.zerodayinitiative.com/advisories/ZDI-17-452/

Impacted products

Name
Advantech WebOP Designer

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99476"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12705"
    }
  },
  "description": "Advantech WebOP\u662f\u64cd\u4f5c\u9762\u677f\u4ea7\u54c1\u3002\r\n\r\nAdvantech WebOP Designer\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ariele Caltabiano (kimiya).",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-17-452/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22809",
  "openTime": "2017-08-25",
  "patchDescription": "Advantech WebOP\u662f\u64cd\u4f5c\u9762\u677f\u4ea7\u54c1\u3002\r\n\r\nAdvantech WebOP Designer\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Advantech WebOP Designer\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Advantech WebOP Designer"
  },
  "referenceLink": "http://www.securityfocus.com/bid/99476\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-17-452/",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-11",
  "title": "Advantech WebOP Designer\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-RXH2-9C3C-R8F2

Vulnerability from github – Published: 2022-05-17 00:24 – Updated: 2022-05-17 00:24

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-25T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.",
  "id": "GHSA-rxh2-9c3c-r8f2",
  "modified": "2022-05-17T00:24:36Z",
  "published": "2022-05-17T00:24:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12705"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-227-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99476"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-17-227-01

Vulnerability from csaf_cisa - Published: 2017-08-15 00:00 - Updated: 2017-08-15 00:00

Summary

Advantech WebOP

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Low skill level to exploit. Public exploits are available.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

North America, East Asia

Company headquarters location

Taiwan

Recommended Practices

NCCIC/ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Recommended Practices

Public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. Low skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ariele Caltabiano (kimiya)"
        ],
        "organization": "Trend Micro\u0027s Zero Day Initiative",
        "summary": "reporting this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Low skill level to exploit. Public exploits are available.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "North America, East Asia",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. Low skill level is needed to exploit.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-227-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-227-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-227-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-227-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-227-01"
      }
    ],
    "title": "Advantech WebOP",
    "tracking": {
      "current_release_date": "2017-08-15T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-227-01",
      "initial_release_date": "2017-08-15T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-08-15T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-227-01 Advantech WebOP"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "Researchers report that all versions of Advantech WebOP operator panels are affected",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "WebOP"
          }
        ],
        "category": "vendor",
        "name": "Advantech"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12705",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.CVE-2017-12705 has been assigned to this vulnerability. A CVSS v3 base score of 4.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12705"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Advantech was unable to verify the validity of this vulnerability.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "ZDI recommends that this product be restricted to interact with trusted files only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12705 (GCVE-0-2017-12705)

GSD-2017-12705

VAR-201710-1110

FKIE_CVE-2017-12705

CNVD-2017-22809

GHSA-RXH2-9C3C-R8F2

ICSA-17-227-01

Tags

Sightings

Nomenclature