CVE-2018-18999
Published: 2018-12-19
Priority: P3 · 41 · high · 7.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 2.31% (81.2th percentile)
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess_scada | — | — |
| webaccess | scada | — | — |
CVSS provenance
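| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 9.8 | CRITICAL | — |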
CISA ICS
Advantech WebAccess/SCADA
cisa_ics·2018-12-18·CVSS 7.3
[HIGH] Advantech WebAccess/SCADA
ICS Advisory
## Advantech WebAccess/SCADA
Last Revised: December 18, 2018
Alert Code: ICSA-18-352-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.3
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess/SCADA
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a stack buffer overflow condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of WebAccess/SCADA, a SCADA software platform, are affected:
- WebAccess/SCADA Version 8.3.2 installed on Windows 20
Cisco
Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
vendor_cisco·2018-03-28·CVSS 9.8
CVE-2018-0151 [CRITICAL] CWE-119 Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker coul
Cisco
Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-0151 Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The
GHSA
GHSA-q9q3-g4f5-x6g7: WebAccess/SCADA, WebAccess/SCADA Version 8
ghsa_unreviewed·2022-05-13
CVE-2018-18999 [HIGH] CWE-787 GHSA-q9q3-g4f5-x6g7: WebAccess/SCADA, WebAccess/SCADA Version 8
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
No detection rules found.
No public exploits indexed.