virus logo Intrusion Prevention

Advantech.WebAccess.webvrpcs.Service.DrawSrv.Code.Execution

description-logoDescription

This indicates an attack attempt against a Code Execution vulnerability in the Advantech WebAccess.
This issue is caused by an error in the DrawSrv subsystem when handling malicious client requests. An attacker can exploit this to execute arbitrary code on vulnerable systems by sending a specially crafted client request.

affected-products-logoAffected Products

Advantech WebAccess 8.2_20170330
Advantech WebAccess 8.2
Advantech WebAccess 8.1_20160519
Advantech WebAccess 8.1
Advantech WebAccess 8.0_20150816
Advantech WebAccess 8
Advantech WebAccess 7.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the web site.
http://www.advantech.com/industrial-automation/webaccess

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-11-19 14.726 Name:Advantech.
WebAccess.
Webvrpcs.
Service.
DrawSrv.
Code.
Execution:Advantech.
WebAccess.
webvrpcs.
Service.
DrawSrv.
Code.
Execution
ID 45618
Created Feb 28, 2018
Updated Aug 21, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2017-12719
Exploit Prediction Score 1.06%
Default Action drop
Active
Affected OS Windows
Affected App SCADA