Risk | High |
Patch available | NO |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2018-8837 CVE-2018-8835 CVE-2018-8833 |
CWE-ID | CWE-787 CWE-415 CWE-122 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
WebAccess HMI Designer Server applications / SCADA systems |
Vendor | Advantech Co., Ltd |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU12175
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-8837
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into processing specially crafted .pm3 files, cause the system to write outside the intended buffer area and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
WebAccess HMI Designer: 2.1 - 2.1.7.32
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-114-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12174
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-8835
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to double free memory error when handling malicious input. A remote attacker can trick the victim into processing specially crafted .pm3 files, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
WebAccess HMI Designer: 2.1 - 2.1.7.32
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-114-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12173
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-8833
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into processing specially crafted .pm3 files, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
WebAccess HMI Designer: 2.1 - 2.1.7.32
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-114-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.