Lucene search
Steven Seeley (mr_me) of Offensive SecurityZDI-18-498HistoryMay 18, 2018 - 12:00 a.m.
Advantech WebAccess Node screnc Stack-based Buffer Overflow Remote Code Execution Vulnerability
2018-05-1800:00:00
Steven Seeley (mr_me) of Offensive Security
www.zerodayinitiative.com
12
EPSS
0.093
Percentile
94.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within screnc.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator.
Related
zdi
zdi
checkpoint_advisories
checkpoint_advisories
Advantech WebAccess SCADA BwPSLinkZip Stack-based Buffer Overflow (CVE-2018-7499)
2018-11-22 00:00:00
Advantech WebAccess SCADA Buffer Overflow (CVE-2018-7499)
2019-02-17 00:00:00
nvd
nvd
CVE-2018-7499
2018-05-15 22:29:00
cve
cve
CVE-2018-7499
2018-05-15 22:29:00
prion
prion
Stack overflow
2018-05-15 22:29:00
nessus
nessus
Advantech WebAccess webvrpcs.exe 0x138bd IOCTL RCE
2019-05-03 00:00:00
cvelist
cvelist
CVE-2018-7499
2018-05-15 00:00:00
ics
ics
Advantech WebAccess
2018-05-18 12:00:00