SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-633102682] Advantech WebAccess

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-02-14OtherAdvantechLi MingZheng Kuangn identified the vulnerability and tested the patch. N/ACVE-2017-5175 N/AN/AN/A

Source

						
							
								
#
# Advantech WebAccess
#


### VULNERABLE VENDOR
Advantech


### VULNERABLE PRODUCT
WebAccess



### RESEARCHER
Li MingZheng Kuangn identified the vulnerability and tested the patch.



### AFFECTED PRODUCTS

The following WebAccess, an HMI, versions are affected:

Advantech WebAccess Versions 8.1 and prior.



### IMPACT

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the system.



### VULNERABILITY OVERVIEW

UNCONTROLLED SEARCH PATH ELEMENT CWE-427
The DLL hijacking vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
CVE-2017-5175 has been assigned to this vulnerability.
A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)





### BACKGROUND

Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Taiwan, United States, Europe
Company Headquarters Location: Taiwan




### MITIGATION

Advantech has released a new version of WebAccess to address the reported vulnerability. WebAccess Version 8.2 can be downloaded at:

http://www.advantech.com/industrial-automation/webaccess