Sign-up

ID

VAR-201805-0249


CVE

CVE-2018-10589


TITLE

Advantech WebAccess Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005067

DESCRIPTION

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A path traversal vulnerability exists in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier

Trust: 3.33

sources: NVD: CVE-2018-10589 // JVNDB: JVNDB-2018-005067 // ZDI: ZDI-18-483 // CNVD: CNVD-2018-10660 // BID: 104190 // IVD: e2f18262-39ab-11e9-8aec-000c29342cb1 // VULHUB: VHN-120363

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f18262-39ab-11e9-8aec-000c29342cb1 // CNVD: CNVD-2018-10660

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.2_20170817

Trust: 1.8

vendor:advantechmodel:webaccessscope:lteversion:8.3.0

Trust: 1.8

vendor:advantechmodel:webaccess dashboardscope:lteversion:2.0.15

Trust: 1.8

vendor:advantechmodel:webaccess scada nodescope:ltversion:8.3.1

Trust: 1.4

vendor:advantechmodel:webaccess scadascope:ltversion:8.3.1

Trust: 1.0

vendor:advantechmodel:webaccess\/nmsscope:lteversion:2.0.3

Trust: 1.0

vendor:advantechmodel:webaccess dashboardscope:eqversion:2.0.15

Trust: 0.9

vendor:advantechmodel:webaccess/nmsscope:lteversion:2.0.3

Trust: 0.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccess <=8.2 20170817scope: - version: -

Trust: 0.6

vendor:advantechmodel:webaccessscope:lteversion:<=8.3.0

Trust: 0.6

vendor:advantechmodel:webaccess dashboardscope:lteversion:<=2.0.15

Trust: 0.6

vendor:advantechmodel:webaccess/nmsscope:lteversion:<=2.0.3

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.3.0

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.2_20170817

Trust: 0.6

vendor:advantechmodel:webaccess\/nmsscope:eqversion:2.0.3

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.4

vendor:advantechmodel:webaccess/nmsscope:eqversion:2.0.3

Trust: 0.3

vendor:advantechmodel:webaccess/nmsscope:eqversion:2.0

Trust: 0.3

vendor:advantechmodel:webaccess scada nodescope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess dashboardscope:eqversion:2.0

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess 8.2 20170817scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccess 8.2 20170330scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.2

Trust: 0.3

vendor:advantechmodel:webaccess 8.1 20160519scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess 8.0 20150816scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.3.1

Trust: 0.3

vendor:webaccess dashboardmodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess scadamodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess nmsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f18262-39ab-11e9-8aec-000c29342cb1 // ZDI: ZDI-18-483 // CNVD: CNVD-2018-10660 // BID: 104190 // JVNDB: JVNDB-2018-005067 // CNNVD: CNNVD-201805-451 // NVD: CVE-2018-10589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10589
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-10589
value: CRITICAL

Trust: 0.8

ZDI: CVE-2018-10589
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-10660
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-451
value: CRITICAL

Trust: 0.6

IVD: e2f18262-39ab-11e9-8aec-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-120363
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-10589
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-10589
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-10660
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f18262-39ab-11e9-8aec-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-120363
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10589
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f18262-39ab-11e9-8aec-000c29342cb1 // ZDI: ZDI-18-483 // CNVD: CNVD-2018-10660 // VULHUB: VHN-120363 // JVNDB: JVNDB-2018-005067 // CNNVD: CNNVD-201805-451 // NVD: CVE-2018-10589

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-120363 // JVNDB: JVNDB-2018-005067 // NVD: CVE-2018-10589

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-451

TYPE

Path traversal

Trust: 0.8

sources: IVD: e2f18262-39ab-11e9-8aec-000c29342cb1 // CNNVD: CNNVD-201805-451

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005067

PATCH
title:Advantech WebAccessurl:http://www.advantech.com/industrial-automation/webaccess/webaccessscada
Trust: 0.8
title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01
Trust: 0.7
title:Patch for Advantech WebAccess Path Traversal Vulnerability (CNVD-2018-10660)url:https://www.cnvd.org.cn/patchInfo/show/130697
Trust: 0.6
title:Multiple Advantech Product path traversal vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80061
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-483 // 
            
            
            
            CNVD: CNVD-2018-10660 // 
            
            
            
            JVNDB: JVNDB-2018-005067 // 
            
            
            
            CNNVD: CNNVD-201805-451

EXTERNAL IDS
db:NVDid:CVE-2018-10589
Trust: 4.3
db:ICS CERTid:ICSA-18-135-01
Trust: 3.4
db:BIDid:104190
Trust: 2.6
db:CNVDid:CNVD-2018-10660
Trust: 0.8
db:CNNVDid:CNNVD-201805-451
Trust: 0.8
db:JVNDBid:JVNDB-2018-005067
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-5627
Trust: 0.7
db:ZDIid:ZDI-18-483
Trust: 0.7
db:IVDid:E2F18262-39AB-11E9-8AEC-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-120363
Trust: 0.1
sources:
            
            
            IVD: e2f18262-39ab-11e9-8aec-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-483 // 
            
            
            
            CNVD: CNVD-2018-10660 // 
            
            
            
            VULHUB: VHN-120363 // 
            
            
            
            BID: 104190 // 
            
            
            
            JVNDB: JVNDB-2018-005067 // 
            
            
            
            CNNVD: CNNVD-201805-451 // 
            
            
            
            NVD: CVE-2018-10589

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-135-01
Trust: 4.1
url:http://www.securityfocus.com/bid/104190
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10589
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10589
Trust: 0.8
url:http://webaccess.advantech.com
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-483 // 
            
            
            
            CNVD: CNVD-2018-10660 // 
            
            
            
            VULHUB: VHN-120363 // 
            
            
            
            BID: 104190 // 
            
            
            
            JVNDB: JVNDB-2018-005067 // 
            
            
            
            CNNVD: CNNVD-201805-451 // 
            
            
            
            NVD: CVE-2018-10589

CREDITS
Steven Seeley (mr_me) of Offensive Security
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-483

SOURCES
db:IVDid:e2f18262-39ab-11e9-8aec-000c29342cb1
db:ZDIid:ZDI-18-483
db:CNVDid:CNVD-2018-10660
db:VULHUBid:VHN-120363
db:BIDid:104190
db:JVNDBid:JVNDB-2018-005067
db:CNNVDid:CNNVD-201805-451
db:NVDid:CVE-2018-10589

LAST UPDATE DATE
2024-08-14T13:45:47.984000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-483date:2018-09-13T00:00:00
db:CNVDid:CNVD-2018-10660date:2018-05-31T00:00:00
db:VULHUBid:VHN-120363date:2019-10-09T00:00:00
db:BIDid:104190date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-005067date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-451date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10589date:2019-10-09T23:32:51.353

SOURCES RELEASE DATE
db:IVDid:e2f18262-39ab-11e9-8aec-000c29342cb1date:2018-05-31T00:00:00
db:ZDIid:ZDI-18-483date:2018-05-18T00:00:00
db:CNVDid:CNVD-2018-10660date:2018-05-31T00:00:00
db:VULHUBid:VHN-120363date:2018-05-15T00:00:00
db:BIDid:104190date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-005067date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-451date:2018-05-16T00:00:00
db:NVDid:CVE-2018-10589date:2018-05-15T22:29:00.267