CVE-2017-12708 - OpenCVE

An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Advantech	Webaccess

Configuration 1 [-]

cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100526
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-08-30T18:00:00

Updated: 2024-08-05T18:43:56.601Z

Reserved: 2017-08-09T00:00:00

Link: CVE-2017-12708

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-08-30T18:29:00.530

Modified: 2019-10-09T23:23:10.653

Link: CVE-2017-12708

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Advantech WebAccess", "vendor": "n/a", "versions": [{"status": "affected", "version": "Advantech WebAccess"}]}], "datePublic": "2017-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02"}, {"name": "100526", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100526"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12708", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Advantech WebAccess", "version": {"version_data": [{"version_value": "Advantech WebAccess"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02"}, {"name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.601Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02"}, {"name": "100526", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100526"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12708", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.601Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*", "matchCriteriaId": "79C75B6F-94D4-4051-8B98-A12B61063140", "versionEndIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad en la que se restringe incorrectamente las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Los investigadores han identificado m\u00faltiples vulnerabilidades que permiten que se referencien ubicaciones no v\u00e1lidas al b\u00fafer de memoria, lo que puede permitir que un atacante ejecute c\u00f3digo arbitrario o haga que el sistema falle."}], "id": "CVE-2017-12708", "lastModified": "2019-10-09T23:23:10.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-30T18:29:00.530", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100526"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}