PT-2018-18107 · Advantech · Advantech Webaccess Dashboard+3

Steven Seeley

Published

2018-05-15

Updated

2020-10-02

CVE-2018-7499

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions V8.2 20170817 and prior Advantech WebAccess versions V8.3.0 and prior Advantech WebAccess Dashboard versions V.2.0.15 and prior Advantech WebAccess Scada Node versions prior to 8.3.1 Advantech WebAccess/NMS 2.0.3 and prior

Description Several stack-based buffer overflow issues have been identified, which may allow an attacker to execute arbitrary code.

Recommendations For Advantech WebAccess versions V8.2 20170817 and prior, update to a version later than V8.2 20170817. For Advantech WebAccess versions V8.3.0 and prior, update to a version later than V8.3.0. For Advantech WebAccess Dashboard versions V.2.0.15 and prior, update to a version later than V.2.0.15. For Advantech WebAccess Scada Node versions prior to 8.3.1, update to version 8.3.1 or later. For Advantech WebAccess/NMS 2.0.3 and prior, update to a version later than 2.0.3.

Fix

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

CVE-2018-7499

ZDI-18-490

ZDI-18-497

ZDI-18-498

ZDI-18-501

ZDI-18-502

ZDI-18-503

ZDI-18-504

ZDI-18-505

ZDI-18-506

ZDI-18-507

ZDI-18-508

ZDI-18-509

ZDI-18-510

ZDI-18-511

ZDI-18-512

ZDI-18-513

ZDI-18-514

ZDI-18-515

ZDI-18-516

ZDI-18-517

ZDI-18-518

ZDI-18-519

ZDI-18-520

ZDI-18-521

ZDI-18-522

ZDI-18-523

ZDI-18-524

ZDI-18-525

Affected Products

Advantech Webaccess

Advantech Webaccess Dashboard

Advantech Webaccess Scada Node

Advantech Webaccess/Nms

PT-2018-18107 · Advantech · Advantech Webaccess Dashboard+3

CVE-2018-7499

Weakness Enumeration

Related Identifiers

Affected Products

References · 32