CVE-2017-16728
published 2018-01-05CVE-2017-16728: An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an…
PriorityP336high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
2.08%
79.1th percentile
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | < 8.3 | 8.3 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m9r2-4rm8-4w6g: An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8
ghsa_unreviewed·2022-05-13
CVE-2017-16728 [HIGH] CWE-476 GHSA-m9r2-4rm8-4w6g: An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
CISA ICS
Advantech WebAccess (Update A)
cisa_ics·2018-01-04
Advantech WebAccess (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess (Update A)
Last RevisedJanuary 11, 2018
Alert CodeICSA-18-004-02A
## CVSS v3 8.2
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Path Traversal, SQL Injection, Improper Input Validation.
## UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site.
## AFFECTED PRODUCTS
Advantech reports the vulner
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-01-05
Published