CVE-2017-14016
published 2017-11-06CVE-2017-14016: A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the…
PriorityP356medium6.3CVSS 3.0
AVNACLPRNUIRSUCLILAL
EXPLOIT
EPSS
16.04%
96.5th percentile
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | < 8.2_20170817 | 8.2_20170817 |
CVSS provenance
nvdv3.06.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WebAccess
cisa_ics·2017-11-02
Advantech WebAccess
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess
Last RevisedNovember 02, 2017
Alert CodeICSA-17-306-02
## CVSS v3 7.3
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: Stack-based Buffer Overflow, Untrusted Pointer Dereference
## AFFECTED PRODUCTS
The following versions of WebAccess, an HMI platform, are affected:
- WebAccess versions prior to V8.2_20170817
## IMPACT
Successful exploitation of these vulnerabilities may allow remote code execution.
## MITIGATION
Advantech has released a new version of WebAccess to address the report
GHSA
GHSA-vc8f-hrqm-mw6f: A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8
ghsa_unreviewed·2022-05-17
CVE-2017-14016 [MEDIUM] CWE-119 GHSA-vc8f-hrqm-mw6f: A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
No detection rules found.
Exploit-DB
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
exploitdb·2017-12-14
CVE-2017-14016 Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Advantech WebAccess 8.2.
By sending a specially crafted DCERPC request, an attacker could overflow
the buffer and execute arbitrary code.
},
'Author' => [ 'mr_me ' ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'ZDI', '17-938' ],
[ 'CVE', '2017-14016' ],
[ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02' ]
],
'Privileged' => true,
'DefaultOptions' =>
{
'EXITFUNC' => '
Metasploit
Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow
metasploit
Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow
Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow
This module exploits a stack buffer overflow in Advantech WebAccess 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
No writeups or analysis indexed.
2017-11-06
Published