Buffer Overflow Vulnerability in WebAccess by Advantech
CVE-2018-17910

7.8HIGH

Key Information:

Vendor
Advantech
Status
Webaccess Versions 8.3.2 And Prior.
Vendor
CVE Published:
29 October 2018

Summary

The WebAccess application by Advantech is susceptible to a buffer overflow due to improper validation of user-supplied data lengths. This vulnerability allows attackers to exploit the system by sending specially crafted input, leading to arbitrary remote code execution. Affected versions include WebAccess 8.3.2 and earlier, which may open critical security holes for compromised systems.

Affected Version(s)

WebAccess 8.3.2 and prior. WebAccess Versions 8.3.2 and prior.

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02
x_refsource_MISC
http://www.securityfocus.com/bid/105736
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041957
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.