Successful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
No known public exploits specifically target this vulnerability.
To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.
For industrial control systems cybersecurity information: http://ics-cert.us-cert.gov
or incident reporting: https://ics-cert.us-cert.gov/Report-Incident?
The NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.
This product is provided subject to this Notification and this Privacy & Use policy.
Was this document helpful? Yes | Somewhat | No
{"id": "ICSA-17-012-01", "bulletinFamily": "info", "title": "Advantech WebAccess", "description": "### CVSS V3 9.8\n\n**ATTENTION:** Remotely exploitable/low skill level to exploit.\n\n**Vendor:** Advantech\n\n**Equipment:** WebAccess\n\n**Vulnerabilities:** Authentication Bypass, SQL Injection\n\n## AFFECTED PRODUCTS\n\nThe following WebAccess version is affected:\n\n * WebAccess Version 8.1\n\n## IMPACT\n\nSuccessful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.\n\n## MITIGATION\n\nAdvantech has produced WebAccess Version 8.2 that mitigates these vulnerabilities. The new version can be downloaded at [http://www.advantech.com/industrial-automation/webaccess](<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nNo known public exploits specifically target this vulnerability.\n\n## VULNERABILITY OVERVIEW\n\n## [SQL INJECTION CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)\n\nTo be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.\n\n[CVE-2017-5154](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n## [AUTHENTICATION BYPASS ISSUES CWE-592](<https://cwe.mitre.org/data/definitions/592.html>)\n\nBy accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted.\n\n[CVE-2017-5152](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nTenable Network Security working with Trend Micro's Zero Day Initiative\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "published": "2017-01-12T00:00:00", "modified": "2017-01-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.us-cert.gov//ics/advisories/ICSA-17-012-01", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.whitehouse.gov/", "/forms/feedback?helpful=no&document=ICSA-17-012-01: Advantech WebAccess&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-17-012-01&site_name=US-CERT", "https://www.dhs.gov/plain-writing-dhs", "https://cwe.mitre.org/data/definitions/89.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154", "https://www.oig.dhs.gov/", "/forms/feedback?helpful=somewhat&document=ICSA-17-012-01: Advantech WebAccess&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-17-012-01&site_name=US-CERT", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-17-012-01", "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=", "https://cwe.mitre.org/data/definitions/592.html", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov", "/forms/feedback?helpful=yes&document=ICSA-17-012-01: Advantech WebAccess&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-17-012-01&site_name=US-CERT", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-17-012-01", "https://www.usa.gov/", "https://twitter.com/share?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-17-012-01", "https://www.dhs.gov/"], "cvelist": ["CVE-2017-5152", "CVE-2017-5154"], "type": "ics", "lastseen": "2019-10-23T22:48:12", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2017-5152", "CVE-2017-5154"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "### CVSS V3 9.8\n\n**ATTENTION:** Remotely exploitable/low skill level to exploit.\n\n**Vendor:** Advantech\n\n**Equipment:** WebAccess\n\n**Vulnerabilities:** Authentication Bypass, SQL Injection\n\n## AFFECTED PRODUCTS\n\nThe following WebAccess version is affected:\n\n * WebAccess Version 8.1\n\n## IMPACT\n\nSuccessful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.\n\n## MITIGATION\n\nAdvantech has produced WebAccess Version 8.2 that mitigates these vulnerabilities. The new version can be downloaded at [http://www.advantech.com/industrial-automation/webaccess](<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nNo known public exploits specifically target this vulnerability.\n\n## VULNERABILITY OVERVIEW\n\n## [SQL INJECTION CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)\n\nTo be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.\n\n[CVE-2017-5154](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n## [AUTHENTICATION BYPASS ISSUES CWE-592](<https://cwe.mitre.org/data/definitions/592.html>)\n\nBy accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted.\n\n[CVE-2017-5152](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nTenable Network Security working with Trend Micro's Zero Day Initiative\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-07-19T15:42:04", "references": [{"idList": ["CVE-2017-5152", "CVE-2017-5154"], "type": "cve"}, {"idList": ["ZDI-17-043"], "type": "zdi"}, {"idList": ["OPENVAS:1361412562310140138", "OPENVAS:1361412562310106514"], "type": "openvas"}]}, "score": {"modified": "2019-07-19T15:42:04", "value": 7.4, "vector": "NONE"}}, "hash": "e93c7f417be60af3f4dbfe80d386d7ce15a8af70b3da61274500954632ac9669", "hashmap": [{"hash": "57ecd8a1b4c588356c05efda00388f7b", "key": "title"}, {"hash": "669dbcecfbb91195b183fceab6920a7a", "key": "type"}, {"hash": "2a0e6bb8b6870052aca9dc60b2d91424", "key": "modified"}, {"hash": "8cff2908af01aa53a58927e674d1f945", "key": "reporter"}, {"hash": "238763898693317cbf7ea83c3cf558be", "key": "cvelist"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "463b0b7ed7b6e00b4f0831eeae11e2f0", "key": "description"}, {"hash": "83021c502450cd33f63d6d726b8a5ee1", "key": "href"}, {"hash": "92abe16f867d72d8b94442cc020e912f", "key": "references"}, {"hash": "14b0513df642736bf92d5ce32ed5979c", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}], "history": [], "href": "https://www.us-cert.gov//ics/advisories/ICSA-17-012-01", "id": "ICSA-17-012-01", "lastseen": "2019-07-19T15:42:04", "modified": "2017-01-19T00:00:00", "objectVersion": "1.3", "published": "2017-01-12T00:00:00", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.dhs.gov/privacy-policy", "https://www.whitehouse.gov/", "/forms/feedback?helpful=no&document=ICSA-17-012-01: Advantech WebAccess&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-17-012-01&site_name=US-CERT", "https://www.dhs.gov/plain-writing-dhs", "https://cwe.mitre.org/data/definitions/89.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154", "https://www.oig.dhs.gov/", "/forms/feedback?helpful=somewhat&document=ICSA-17-012-01: Advantech WebAccess&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-17-012-01&site_name=US-CERT", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-17-012-01", "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=", "https://cwe.mitre.org/data/definitions/592.html", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov", "/forms/feedback?helpful=yes&document=ICSA-17-012-01: Advantech WebAccess&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-17-012-01&site_name=US-CERT", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-17-012-01", "https://www.usa.gov/", "https://twitter.com/share?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-17-012-01", "https://www.dhs.gov/"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Advantech WebAccess", "type": "ics", "viewCount": 20}, "differentElements": ["references"], "edition": 8, "lastseen": "2019-07-19T15:42:04"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2017-5152", "CVE-2017-5154"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "### CVSS V3 9.8\n\n**ATTENTION:** Remotely exploitable/low skill level to exploit.\n\n**Vendor:** Advantech\n\n**Equipment:** WebAccess\n\n**Vulnerabilities:** Authentication Bypass, SQL Injection\n\n## AFFECTED PRODUCTS\n\nThe following WebAccess version is affected:\n\n * WebAccess Version 8.1\n\n## IMPACT\n\nSuccessful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.\n\n## MITIGATION\n\nAdvantech has produced WebAccess Version 8.2 that mitigates these vulnerabilities. The new version can be downloaded at [http://www.advantech.com/industrial-automation/webaccess](<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nNo known public exploits specifically target this vulnerability.\n\n## VULNERABILITY OVERVIEW\n\n## [SQL INJECTION CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)\n\nTo be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.\n\n[CVE-2017-5154](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n## [AUTHENTICATION BYPASS ISSUES CWE-592](<https://cwe.mitre.org/data/definitions/592.html>)\n\nBy accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted.\n\n[CVE-2017-5152](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nTenable Network Security working with Trend Micro's Zero Day Initiative\n", "edition": 1, "hash": "6290feb5e86a0f8fdaea460019b2aa42f10c3fbc2b734f305a6b6ede46be6031", "hashmap": [{"hash": "669dbcecfbb91195b183fceab6920a7a", "key": "type"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "14b0513df642736bf92d5ce32ed5979c", "key": "modified"}, {"hash": "8cff2908af01aa53a58927e674d1f945", "key": "reporter"}, {"hash": "238763898693317cbf7ea83c3cf558be", "key": "cvelist"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "d62815cb2b9c79f829a4deb8893e5cc2", "key": "href"}, {"hash": "4d116efb0f1af969e6e43908e86f9ac7", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d984ec8fc4b5858e9b7ad8e5840bd420", "key": "references"}, {"hash": "14b0513df642736bf92d5ce32ed5979c", "key": "published"}, {"hash": "da3b473d4640a87cf05365172f5695a0", "key": "title"}], "history": [], "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-012-01", "id": "ICSA-17-012-01", "lastseen": "2017-01-13T01:32:50", "modified": "2017-01-12T00:00:00", "objectVersion": "1.2", "published": "2017-01-12T00:00:00", "references": ["https://twitter.com/share?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "https://www.us-cert.gov/forms/feedback?helpful=yes&document=ICSA-17-012-01 CVSS V3 9.8&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "http://www.us-cert.gov/pdf/", "http://www.us-cert.gov/accessibility/", "https://cwe.mitre.org/data/definitions/89.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154", "http://www.us-cert.gov/tlp/", "http://www.us-cert.gov/tlp/", "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov", "https://cwe.mitre.org/data/definitions/592.html", "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B", "http://twitter.com/icscert", "http://twitter.com/icscert", "https://ics-cert.us-cert.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "http://www.us-cert.gov/privacy/", "https://ics-cert.us-cert.gov/content/recommended-practices", "http://www.dhs.gov", "http://www.dhs.gov/report-cyber-risks", "https://www.us-cert.gov/forms/feedback?helpful=somewhat&document=ICSA-17-012-01 CVSS V3 9.8&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://www.us-cert.gov/forms/feedback?helpful=no&document=ICSA-17-012-01 CVSS V3 9.8&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "CVSS V3 9.8", "type": "ics", "viewCount": 11}, "differentElements": ["cvss", "references", "modified", "title"], "edition": 1, "lastseen": "2017-01-13T01:32:50"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2017-5152", "CVE-2017-5154"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "### CVSS V3 9.8\n\n**ATTENTION:** Remotely exploitable/low skill level to exploit.\n\n**Vendor:** Advantech\n\n**Equipment:** WebAccess\n\n**Vulnerabilities:** Authentication Bypass, SQL Injection\n\n## AFFECTED PRODUCTS\n\nThe following WebAccess version is affected:\n\n * WebAccess Version 8.1\n\n## IMPACT\n\nSuccessful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.\n\n## MITIGATION\n\nAdvantech has produced WebAccess Version 8.2 that mitigates these vulnerabilities. The new version can be downloaded at [http://www.advantech.com/industrial-automation/webaccess](<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nNo known public exploits specifically target this vulnerability.\n\n## VULNERABILITY OVERVIEW\n\n## [SQL INJECTION CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)\n\nTo be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.\n\n[CVE-2017-5154](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n## [AUTHENTICATION BYPASS ISSUES CWE-592](<https://cwe.mitre.org/data/definitions/592.html>)\n\nBy accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted.\n\n[CVE-2017-5152](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nTenable Network Security working with Trend Micro's Zero Day Initiative\n", "edition": 2, "enchantments": {}, "hash": "5008604bdab51457ce579af6114d71cd4fdc3ec64a55a3aaffb2b62bb57e06c1", "hashmap": [{"hash": "57ecd8a1b4c588356c05efda00388f7b", "key": "title"}, {"hash": "669dbcecfbb91195b183fceab6920a7a", "key": "type"}, {"hash": "2a0e6bb8b6870052aca9dc60b2d91424", "key": "modified"}, {"hash": "8cff2908af01aa53a58927e674d1f945", "key": "reporter"}, {"hash": "238763898693317cbf7ea83c3cf558be", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "d62815cb2b9c79f829a4deb8893e5cc2", "key": "href"}, {"hash": "4d116efb0f1af969e6e43908e86f9ac7", "key": "description"}, {"hash": "14b0513df642736bf92d5ce32ed5979c", "key": "published"}, {"hash": "f1eaa8c0223e2afd52e71699d96a607c", "key": "references"}], "history": [], "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-012-01", "id": "ICSA-17-012-01", "lastseen": "2017-04-26T19:19:23", "modified": "2017-01-19T00:00:00", "objectVersion": "1.2", "published": "2017-01-12T00:00:00", "references": ["https://www.us-cert.gov/forms/feedback?helpful=no&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://twitter.com/share?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "http://www.us-cert.gov/pdf/", "http://www.us-cert.gov/accessibility/", "https://cwe.mitre.org/data/definitions/89.html", "https://www.us-cert.gov/forms/feedback?helpful=somewhat&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154", "http://www.us-cert.gov/tlp/", "http://www.us-cert.gov/tlp/", "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov", "https://cwe.mitre.org/data/definitions/592.html", "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B", "http://twitter.com/icscert", "http://twitter.com/icscert", "https://ics-cert.us-cert.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "http://www.us-cert.gov/privacy/", "https://www.us-cert.gov/forms/feedback?helpful=yes&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://ics-cert.us-cert.gov/content/recommended-practices", "http://www.dhs.gov", "http://www.dhs.gov/report-cyber-risks"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Advantech WebAccess", "type": "ics", "viewCount": 11}, "differentElements": ["references"], "edition": 2, "lastseen": "2017-04-26T19:19:23"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2017-5152", "CVE-2017-5154"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "### CVSS V3 9.8\n\n**ATTENTION:** Remotely exploitable/low skill level to exploit.\n\n**Vendor:** Advantech\n\n**Equipment:** WebAccess\n\n**Vulnerabilities:** Authentication Bypass, SQL Injection\n\n## AFFECTED PRODUCTS\n\nThe following WebAccess version is affected:\n\n * WebAccess Version 8.1\n\n## IMPACT\n\nSuccessful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.\n\n## MITIGATION\n\nAdvantech has produced WebAccess Version 8.2 that mitigates these vulnerabilities. The new version can be downloaded at [http://www.advantech.com/industrial-automation/webaccess](<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nNo known public exploits specifically target this vulnerability.\n\n## VULNERABILITY OVERVIEW\n\n## [SQL INJECTION CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)\n\nTo be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.\n\n[CVE-2017-5154](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n## [AUTHENTICATION BYPASS ISSUES CWE-592](<https://cwe.mitre.org/data/definitions/592.html>)\n\nBy accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted.\n\n[CVE-2017-5152](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nTenable Network Security working with Trend Micro's Zero Day Initiative\n", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "759ea934286e34bc44c29b5a97b8a26e1203a13b6c9857eba7af4d37fe7e877e", "hashmap": [{"hash": "57ecd8a1b4c588356c05efda00388f7b", "key": "title"}, {"hash": "669dbcecfbb91195b183fceab6920a7a", "key": "type"}, {"hash": "2a0e6bb8b6870052aca9dc60b2d91424", "key": "modified"}, {"hash": "8cff2908af01aa53a58927e674d1f945", "key": "reporter"}, {"hash": "238763898693317cbf7ea83c3cf558be", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "d62815cb2b9c79f829a4deb8893e5cc2", "key": "href"}, {"hash": "4d116efb0f1af969e6e43908e86f9ac7", "key": "description"}, {"hash": "14b0513df642736bf92d5ce32ed5979c", "key": "published"}, {"hash": "c728fdaa19c3cdd2e0210f191ffbace0", "key": "references"}], "history": [], "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-012-01", "id": "ICSA-17-012-01", "lastseen": "2017-12-04T19:02:19", "modified": "2017-01-19T00:00:00", "objectVersion": "1.3", "published": "2017-01-12T00:00:00", "references": ["https://www.us-cert.gov/forms/feedback?helpful=no&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://twitter.com/share?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "http://www.us-cert.gov/pdf/", "http://www.us-cert.gov/accessibility/", "https://ics-cert.us-cert.gov/Report-Incident?", "https://cwe.mitre.org/data/definitions/89.html", "https://www.us-cert.gov/forms/feedback?helpful=somewhat&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154", "http://www.us-cert.gov/tlp/", "http://www.us-cert.gov/tlp/", "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov", "https://cwe.mitre.org/data/definitions/592.html", "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B", "http://twitter.com/icscert", "http://twitter.com/icscert", "https://ics-cert.us-cert.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "http://www.us-cert.gov/privacy/", "https://www.us-cert.gov/forms/feedback?helpful=yes&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://ics-cert.us-cert.gov/content/recommended-practices", "http://www.dhs.gov", "http://www.dhs.gov/report-cyber-risks"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Advantech WebAccess", "type": "ics", "viewCount": 12}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-12-04T19:02:19"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2017-5152", "CVE-2017-5154"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "### CVSS V3 9.8\n\n**ATTENTION:** Remotely exploitable/low skill level to exploit.\n\n**Vendor:** Advantech\n\n**Equipment:** WebAccess\n\n**Vulnerabilities:** Authentication Bypass, SQL Injection\n\n## AFFECTED PRODUCTS\n\nThe following WebAccess version is affected:\n\n * WebAccess Version 8.1\n\n## IMPACT\n\nSuccessful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.\n\n## MITIGATION\n\nAdvantech has produced WebAccess Version 8.2 that mitigates these vulnerabilities. The new version can be downloaded at [http://www.advantech.com/industrial-automation/webaccess](<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nNo known public exploits specifically target this vulnerability.\n\n## VULNERABILITY OVERVIEW\n\n## [SQL INJECTION CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)\n\nTo be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.\n\n[CVE-2017-5154](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n## [AUTHENTICATION BYPASS ISSUES CWE-592](<https://cwe.mitre.org/data/definitions/592.html>)\n\nBy accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted.\n\n[CVE-2017-5152](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nTenable Network Security working with Trend Micro's Zero Day Initiative\n", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-05-29T18:32:10", "references": [{"idList": ["CVE-2017-5152", "CVE-2017-5154"], "type": "cve"}, {"idList": ["ZDI-17-043"], "type": "zdi"}, {"idList": ["OPENVAS:1361412562310140138", "OPENVAS:1361412562310106514"], "type": "openvas"}]}, "score": {"modified": "2019-05-29T18:32:10", "value": 7.1, "vector": "NONE"}}, "hash": "4e5232d0af9ab2036a01a62b4292ddede826cccb015e1c4537a06648ccc00cba", "hashmap": [{"hash": "57ecd8a1b4c588356c05efda00388f7b", "key": "title"}, {"hash": "669dbcecfbb91195b183fceab6920a7a", "key": "type"}, {"hash": "2a0e6bb8b6870052aca9dc60b2d91424", "key": "modified"}, {"hash": "8cff2908af01aa53a58927e674d1f945", "key": "reporter"}, {"hash": "238763898693317cbf7ea83c3cf558be", "key": "cvelist"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "d62815cb2b9c79f829a4deb8893e5cc2", "key": "href"}, {"hash": "4d116efb0f1af969e6e43908e86f9ac7", "key": "description"}, {"hash": "14b0513df642736bf92d5ce32ed5979c", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "c728fdaa19c3cdd2e0210f191ffbace0", "key": "references"}], "history": [], "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-012-01", "id": "ICSA-17-012-01", "lastseen": "2019-05-29T18:32:10", "modified": "2017-01-19T00:00:00", "objectVersion": "1.3", "published": "2017-01-12T00:00:00", "references": ["https://www.us-cert.gov/forms/feedback?helpful=no&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://twitter.com/share?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "http://www.us-cert.gov/pdf/", "http://www.us-cert.gov/accessibility/", "https://ics-cert.us-cert.gov/Report-Incident?", "https://cwe.mitre.org/data/definitions/89.html", "https://www.us-cert.gov/forms/feedback?helpful=somewhat&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154", "http://www.us-cert.gov/tlp/", "http://www.us-cert.gov/tlp/", "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.advantech.com_industrial-2Dautomation_webaccess&d=DQMGaQ&c=54IZrppPQZKX9mLzcGdPfFD1hxrcB__aEkJFOKJFd00&r=uwyZa8MpvYuELzcbQo3O8w&m=B1NbjjB3HvkL8cRddR7Wjad3cVM_jG_llwiSN6PSdak&s=E0QUbGEoBOGdcHbiGNlYgf9-lEDJpzXH7QL3F94YtUs&e=", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov", "https://cwe.mitre.org/data/definitions/592.html", "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B", "http://twitter.com/icscert", "http://twitter.com/icscert", "https://ics-cert.us-cert.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-17-012-01", "http://www.us-cert.gov/privacy/", "https://www.us-cert.gov/forms/feedback?helpful=yes&document=ICSA-17-012-01 Advantech WebAccess&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01&site_name=ICS-CERT", "https://ics-cert.us-cert.gov/content/recommended-practices", "http://www.dhs.gov", "http://www.dhs.gov/report-cyber-risks"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Advantech WebAccess", "type": "ics", "viewCount": 18}, "differentElements": ["references", "description", "href"], "edition": 6, "lastseen": "2019-05-29T18:32:10"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "238763898693317cbf7ea83c3cf558be"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "463b0b7ed7b6e00b4f0831eeae11e2f0"}, {"key": "href", "hash": "83021c502450cd33f63d6d726b8a5ee1"}, {"key": "modified", "hash": "2a0e6bb8b6870052aca9dc60b2d91424"}, {"key": "published", "hash": "14b0513df642736bf92d5ce32ed5979c"}, {"key": "references", "hash": "fffb13c35aef471c38ffdf1d6bb3f3d0"}, {"key": "reporter", "hash": "8cff2908af01aa53a58927e674d1f945"}, {"key": "title", "hash": "57ecd8a1b4c588356c05efda00388f7b"}, {"key": "type", "hash": "669dbcecfbb91195b183fceab6920a7a"}], "hash": "918e584eae78add8a8c95f077fb2c4863c65db70c881a123a54044b66dd5b108", "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-5152", "CVE-2017-5154"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310140138", "OPENVAS:1361412562310106514"]}, {"type": "zdi", "idList": ["ZDI-17-043"]}], "modified": "2019-10-23T22:48:12"}, "score": {"value": 7.4, "vector": "NONE", "modified": "2019-10-23T22:48:12"}, "vulnersScore": 7.4}, "objectVersion": "1.3", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:17:07", "bulletinFamily": "NVD", "description": "An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).", "modified": "2017-11-03T01:29:00", "id": "CVE-2017-5152", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5152", "published": "2017-02-13T21:59:00", "title": "CVE-2017-5152", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:17:07", "bulletinFamily": "NVD", "description": "An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.", "modified": "2017-11-03T01:29:00", "id": "CVE-2017-5154", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5154", "published": "2017-02-13T21:59:00", "title": "CVE-2017-5154", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "scanner", "description": "Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability.", "modified": "2019-04-26T00:00:00", "published": "2017-01-31T00:00:00", "id": "OPENVAS:1361412562310140138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140138", "title": "Advantech WebAccess 'updateTemplate.aspx' SQL Injection and Authentication Bypass Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Advantech WebAccess 'updateTemplate.aspx' SQL Injection and Authentication Bypass Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:advantech:advantech_webaccess';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140138\");\n script_bugtraq_id(95410);\n script_cve_id(\"CVE-2017-5154\", \"CVE-2017-5152\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-04-26T08:24:31+0000\");\n\n script_name(\"Advantech WebAccess 'updateTemplate.aspx' SQL Injection and Authentication Bypass Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/95410\");\n script_xref(name:\"URL\", value:\"http://webaccess.advantech.com\");\n script_xref(name:\"URL\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-17-043/\");\n script_xref(name:\"URL\", value:\"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit these issues to bypass certain security restrictions, perform\n unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify\n data, other consequences are possible as well.\");\n\n script_tag(name:\"vuldetect\", value:\"Try to bypass authentication by sending two special crafted requests.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references or vendor advisory for more information.\");\n\n script_tag(name:\"summary\", value:\"Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability.\");\n\n script_tag(name:\"affected\", value:\"WebAccess 8.1 is vulnerable, other versions may also be affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n script_tag(name:\"last_modification\", value:\"2019-04-26 08:24:31 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-31 16:34:49 +0100 (Tue, 31 Jan 2017)\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_advantech_webaccess_consolidation.nasl\");\n script_mandatory_keys(\"advantech/webaccess/detected\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe: CPE, service: \"www\" ) )\n exit( 0 );\n\nif( ! get_app_location( cpe: CPE, port: port ) )\n exit( 0 );\n\nvt_strings = get_vt_strings();\ndata = \"projName=\" + vt_strings[\"default\"] + \"&nodeName=\" + vt_strings[\"default\"] + \"&waPath=C:\\\\WebAccess\\\\Node\";\nasp_session = \"ASP.NET_SessionId=\" + crap( data:rand_str( charset:\"abcdefghijklmnopqrstuvwxyz\", length:1 ), length:24 );\n\nreq = http_get_req( port: port, url: \"/WaExlViewer/templateList.aspx\", add_headers: make_array( \"Cookie\", asp_session ) );\nbuf = http_keepalive_send_recv( port: port, data: req, bodyonly: FALSE );\n\nif( \"signinonly.asp\" >!< buf )\n exit( 0 );\n\nreq = http_post_req( port: port, url: \"/WaExlViewer/openRpt.aspx\", data: data, add_headers: make_array( \"Cookie\", asp_session,\n \"Content-Type\", \"application/x-www-form-urlencoded\" ) );\nbuf = http_keepalive_send_recv( port: port, data: req, bodyonly: FALSE );\n\nif( buf !~ \"HTTP/1\\.. 200\" )\n exit( 99 );\n\nreq1 = http_get_req( port: port, url: \"/WaExlViewer/templateList.aspx\", add_headers: make_array( \"Cookie\", asp_session ) );\nbuf = http_keepalive_send_recv( port: port, data: req1, bodyonly: FALSE );\n\nif( \"Template List\" >< buf && \"function popupChangeTemplateDiv\" >< buf && \"templateName\" >< buf )\n{\n security_message( port: port, data: 'It was possible to bypass authentication by sending two requests:\\n\\nRequest1:\\n\\n' + req + '\\n\\nRequest2:\\n\\n' + req1 + '\\n\\nResult (truncated):\\n\\n' + substr( buf, 0, 2000 ) + '\\n[...]\\n\\n' );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "scanner", "description": "Advantech WebAccess is prone to multiple vulnerabilities.", "modified": "2019-04-06T00:00:00", "published": "2017-01-13T00:00:00", "id": "OPENVAS:1361412562310106514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106514", "title": "Advantech WebAccess Multiple Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_advantech_webaccess_mult_vuln_jan.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Advantech WebAccess Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:advantech:advantech_webaccess\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106514\");\n script_version(\"2019-04-06T12:52:40+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-06 12:52:40 +0000 (Sat, 06 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-13 14:10:12 +0700 (Fri, 13 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-5152\", \"CVE-2017-5154\", \"CVE-2017-5175\", \"CVE-2017-7929\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Advantech WebAccess Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_advantech_webaccess_consolidation.nasl\");\n script_mandatory_keys(\"advantech/webaccess/detected\");\n script_tag(name:\"summary\", value:\"Advantech WebAccess is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Advantech WebAccess is prone to multiple vulnerabilities:\n\n - SQL Injection (CVE-2017-5154)\n\n - Authentication Bypass (CVE-2017-5152)\n\n - DLL Hijacking (CVE-2017-5175)\");\n\n script_tag(name:\"impact\", value:\"A remote attacker may gain administrative access to the application and its\ndata files.\");\n\n script_tag(name:\"affected\", value:\"WebAccess versions prior to 8.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Version 8.2 or later\");\n\n script_xref(name:\"URL\", value:\"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01\");\n script_xref(name:\"URL\", value:\"https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01\");\n script_xref(name:\"URL\", value:\"https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03\");\n\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port(cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location(cpe: CPE, port: port ) )\n exit( 0 );\n\npath = infos[\"location\"];\nvers = infos[\"version\"];\n\nif( version_is_less( version: vers, test_version: \"8.2\" ) ) {\n report = report_fixed_ver( installed_version: vers, fixed_version: \"8.2\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2017-01-13T01:32:45", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.\n\nThe specific flaw exists within updateTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess.", "modified": "2017-01-13T00:00:00", "published": "2017-01-12T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-17-043", "id": "ZDI-17-043", "type": "zdi", "title": "Advantech WebAccess updateTemplate SQL Injection Information Disclosure Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}]}