PT-2018-18658 · Advantech · Advantech Webaccess Dashboard+3

Steven Seeley

·

Publicado

2018-05-15

·

Atualizado

2020-09-29

·

CVE-2018-8845

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions V8.2 20170817 and prior Advantech WebAccess versions V8.3.0 and prior Advantech WebAccess Dashboard versions V.2.0.15 and prior Advantech WebAccess Scada Node versions prior to 8.3.1 Advantech WebAccess/NMS versions 2.0.3 and prior
Description A heap-based buffer overflow issue has been identified, which may allow an attacker to execute arbitrary code. The strcpy function is vulnerable to a heap-based buffer overflow, potentially enabling remote code execution.
Recommendations For Advantech WebAccess versions V8.2 20170817 and prior, update to a version later than V8.2 20170817. For Advantech WebAccess versions V8.3.0 and prior, update to a version later than V8.3.0. For Advantech WebAccess Dashboard versions V.2.0.15 and prior, update to a version later than V.2.0.15. For Advantech WebAccess Scada Node versions prior to 8.3.1, update to version 8.3.1 or later. For Advantech WebAccess/NMS versions 2.0.3 and prior, update to a version later than 2.0.3.

Correção

Memory Corruption

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-122

Identificadores relacionados

CVE-2018-8845
ZDI-18-527

Produtos afetados

Advantech Webaccess
Advantech Webaccess Dashboard
Advantech Webaccess Scada Node
Advantech Webaccess/Nms