PT-2016-4419 · Advantech · Webaccess
Ilya Karpov
·
Publicado
2016-01-15
·
Atualizado
2016-02-05
·
CVE-2016-0851
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess versions prior to 8.1
Description
The issue allows remote attackers to cause a denial of service due to out-of-bounds memory access. Additionally, there is a remote code execution vulnerability via an uncontrolled format string in the BwOpcSvc.dll sprintf function.
Recommendations
For versions prior to 8.1, update to version 8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the webvrpcs Service to minimize the risk of exploitation. Avoid using the sprintf function in the BwOpcSvc.dll until the issue is resolved.
Correção
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Webaccess