VAR-201801-0152
Vulnerability from variot - Updated: 2024-07-23 22:28An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27eb IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess",
"scope": null,
"trust": 10.5,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "lt",
"trust": 1.6,
"vendor": "advantech",
"version": "8.3"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.1"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "7.2"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Offensive Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
}
],
"trust": 10.5
},
"cve": "CVE-2017-16728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16728",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 9.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16728",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-00673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-16728",
"trust": 9.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-16728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-16728",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-00673",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-241",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27eb IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16728"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
}
],
"trust": 11.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16728",
"trust": 12.9
},
{
"db": "BID",
"id": "102424",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-004-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2018-00673",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5003",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-035",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4959",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-012",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4973",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-020",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5006",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-038",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5007",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-039",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4999",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-031",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5062",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-059",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4965",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-018",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4966",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-019",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4964",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-017",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4961",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-014",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5004",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-036",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4963",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-016",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4997",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-029",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5002",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-034",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2E1079E-39AB-11E9-9B2B-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"id": "VAR-201801-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
}
],
"trust": 1.23267184
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
}
]
},
"last_update_date": "2024-07-23T22:28:30.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 10.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02"
},
{
"title": "Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113125"
},
{
"title": "Advantech WebAccess Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77552"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 12.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102424"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"date": "2018-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"date": "2018-01-05T08:29:00.393000",
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-035"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-012"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-020"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-038"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-039"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-031"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-059"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-018"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-019"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-017"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-014"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-036"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-016"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-029"
},
{
"date": "2018-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-034"
},
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00673"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-241"
},
{
"date": "2019-10-09T23:25:15.270000",
"db": "NVD",
"id": "CVE-2017-16728"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess webvrpcs drawsrv SQLSetParam Untrusted Pointer Dereference Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-035"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-241"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…