A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
Published 2017-11-06 22:29:00
Updated 2017-12-20 02:29:03
Source ICS-CERT
View at NVD,   CVE.org
Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2017-14016

Probability of exploitation activity in the next 30 days: 16.68%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2017-14016

  • Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow
    Disclosure Date: 2017-11-02
    First seen: 2020-04-26
    exploit/windows/scada/advantech_webaccess_webvrpcs_bof
    This module exploits a stack buffer overflow in Advantech WebAccess 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code. Authors: - mr_me <mr_me@offensive-security.com>

CVSS scores for CVE-2017-14016

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
6.8
MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
NIST
6.3
MEDIUM CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2.8
3.4
NIST

CWE ids for CVE-2017-14016

References for CVE-2017-14016

Products affected by CVE-2017-14016

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!