Lucene search
Mat Powell - Trend Micro Zero Day InitiativeZDI-18-501HistoryMay 18, 2018 - 12:00 a.m.
Advantech WebAccess Node waexec Stack-based Buffer Overflow Remote Code Execution Vulnerability
2018-05-1800:00:00
Mat Powell - Trend Micro Zero Day Initiative
www.zerodayinitiative.com
9
0.093 Low
EPSS
Percentile
94.7%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within waexec.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator.
Related
zdi
zdi
cve
cve
CVE-2018-7499
2018-05-15 22:29:00
checkpoint_advisories
checkpoint_advisories
Advantech WebAccess SCADA BwPSLinkZip Stack-based Buffer Overflow (CVE-2018-7499)
2018-11-22 00:00:00
Advantech WebAccess SCADA Buffer Overflow (CVE-2018-7499)
2019-02-17 00:00:00
nvd
nvd
CVE-2018-7499
2018-05-15 22:29:00
nessus
nessus
Advantech WebAccess webvrpcs.exe 0x138bd IOCTL RCE
2019-05-03 00:00:00
prion
prion
Stack overflow
2018-05-15 22:29:00
cvelist
cvelist
CVE-2018-7499
2018-05-15 00:00:00
ics
ics
Advantech WebAccess
2018-05-18 12:00:00