Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIcscertCVE-2017-16728
HistoryJan 05, 2018 - 8:29 a.m.

CVE-2017-16728

2018-01-0508:29:00
CWE-822
CWE-476
icscert
web.nvd.nist.gov
37
cve-2017-16728
untrusted pointer dereference
advantech webaccess
vulnerability
memory crash

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

71.8%

JSON

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

Affected configurations

Nvd
Node
advantechwebaccessRange<8.3
VendorProductVersionCPE
advantechwebaccess*cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Advantech WebAccess",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Advantech WebAccess"
      }
    ]
  }
]

Related

zdi 28
nvd 1
cvelist 1
prion 1
ics 2
zdi
zdi
Advantech WebAccess webvrpcs drawsrv SQLAllocStmt Untrusted Pointer Dereference Remote Code Execution Vulnerability
2018-01-05 00:00:00
Advantech WebAccess webvrpcs drawsrv SQLCancel Untrusted Pointer Dereference Remote Code Execution Vulnerability
2018-01-05 00:00:00
Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability
2018-01-05 00:00:00
nvd
nvd
CVE-2017-16728
2018-01-05 08:29:00
cvelist
cvelist
CVE-2017-16728
2018-01-05 08:00:00
prion
prion
Null pointer dereference
2018-01-05 08:29:00
ics
ics
Advantech WebAccess
2018-01-04 00:00:00
Advantech WebAccess (Update A)
2018-01-11 12:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

71.8%

JSON
Related for CVE-2017-16728
zdi28nvd1cvelist1prion1ics2