PT-2017-3591 · Advantech · Advantech Webaccess

Published

2017-08-04

Updated

2019-10-09

CVE-2017-16724

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess versions prior to 8.3

Description: The issue is caused by a stack-based buffer overflow in the BwFreRPT component of Advantech WebAccess. This allows a remote attacker to execute arbitrary code as an administrator. The vulnerability is due to writing too much data to a location on the stack.

Recommendations: For versions prior to 8.3, update to version 8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available. Avoid using functions or parameters that may trigger the buffer overflow until the issue is resolved.

Fix

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

BDU:2018-00530

CVE-2017-16724

ZDI-18-023

ZDI-18-025

ZDI-18-041

ZDI-18-042

ZDI-18-043

ZDI-18-044

ZDI-18-045

ZDI-18-046

ZDI-18-047

ZDI-18-048

ZDI-18-049

ZDI-18-050

ZDI-18-051

ZDI-18-052

ZDI-18-053

ZDI-18-054

ZDI-18-058

ZDI-18-060

ZDI-18-061

ZDI-18-062

Affected Products

Advantech Webaccess

PT-2017-3591 · Advantech · Advantech Webaccess

CVE-2017-16724

Weakness Enumeration

Related Identifiers

Affected Products

References · 26