CVE-2017-12708
published 2017-08-30
CVE-2017-12708: An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817…
Priority: P3 · 54 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.38% (87.3th percentile)
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.2 | — |
CVSS provenance
- nvd, v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd, v2.0: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
CISA ICS
Advantech WebAccess
cisa_ics·2017-08-29
ICS Advisory
Last Revised: August 29, 2017
Alert Code: ICSA-17-241-02
## CVSS v3 7.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: SQL Injection, Out-of-Bounds Access, Multiple Buffer Overflows, Externally Controlled Format String, Improper Authentication, Incorrect Permission Assignment for Critical Resource, Incorrect Privilege Assignment, Uncontrolled Search Path Element.
## AFFECTED PRODUCTS
The following versions of WebAccess, an HMI platform, are affected:
- WebAccess versions prior to V8.2_2017
GHSA
GHSA-x8v6-gf83-q3jc: An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8
ghsa_unreviewed·2022-05-13
CVE-2017-12708 [CRITICAL] CWE-119 GHSA-x8v6-gf83-q3jc: An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-08-30