CVE-2018-18999

Published: Dec 19, 2018Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.

Affected (1)

Products: Advantech: Webaccess/scada

Advantech

1 product

Webaccess/scada

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Advantech Webaccess/scada	Version 8.3.2

Running on/with	Platform Versions
Microsoft Windows Server 2008	Version r2 sp1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

http://www.securityfocus.com/bid/106245

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.tenable.com/security/research/tra-2018-45

Source: ics-cert@hq.dhs.gov

Third Party Advisory

http://www.securityfocus.com/bid/106245

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.tenable.com/security/research/tra-2018-45

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.