PT-2018-6315 · Advantech · Advantech Webaccess
Published 2018-01-05 · Updated 2019-10-09 · CVE-2017-16728
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Advantech WebAccess versions prior to 8.3
Description:
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess, which may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. The issue affects multiple functions, including SQLSetConnectOption, SQLFreeConnect, SQLExecute, SQLFetchScroll, SQLDescribeParam, SQLExecDirect, SQLSetEnvAttr, SQLConnect, SQLFreeEnv, SQLPrepare, SQLNumResultCols, SQLParamData, SQLDisconnect, SQLAllocStmt, SQLSetParam, SQLFetch, SQLFreeStmt, SQLCancel, SQLSetStmtAttr, and SQLPutData.
Recommendations:
For Advantech WebAccess versions prior to 8.3, update to version 8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions until a patch is available. Avoid using the affected functions in the webvrpcs drawsrv module to minimize the risk of exploitation.
Fix
NULL Pointer Dereference
Untrusted Pointer Dereference
Related identifiers
Affected products
Advantech Webaccess