CVE-2017-12706
Published: 2017-08-30
Priority: P357 | critical | 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.17% (86.4th percentile)
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.2 | — |
CVSS provenance
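| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |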
CISA ICS
Advantech WebAccess
cisa_ics·2017-08-29
ICS Advisory
## Advantech WebAccess
Last Revised: August 29, 2017
Alert Code: ICSA-17-241-02
## CVSS v3 7.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: SQL Injection, Out-of-Bounds Access, Multiple Buffer Overflows, Externally Controlled Format String, Improper Authentication, Incorrect Permission Assignment for Critical Resource, Incorrect Privilege Assignment, Uncontrolled Search Path Element.
## AFFECTED PRODUCTS
The following versions of WebAccess, an HMI platform, are affected:
- WebAccess versions prior to V8.2_2017
GHSA
GHSA-3fq7-vqr9-hr59: A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8
ghsa_unreviewed·2022-05-13
CVE-2017-12706 [CRITICAL] CWE-119 GHSA-3fq7-vqr9-hr59: A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.