ID

VAR-201810-0398


CVE

CVE-2018-14820


TITLE

Advantech WebAccess Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011086

DESCRIPTION

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Advantech WebAccess Contains an input validation vulnerability.Information may be tampered with. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to delete files under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. .dll is one of the dynamic link library components. A security vulnerability exists in the .dll component of Advantech WebAccess 8.3.1 and earlier. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable

Trust: 3.33

sources: NVD: CVE-2018-14820 // JVNDB: JVNDB-2018-011086 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // BID: 105728 // IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // VULHUB: VHN-125018

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // CNVD: CNVD-2018-21919

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.1

Trust: 1.8

vendor:advantechmodel:webaccessscope:eqversion:8.3.1

Trust: 0.9

vendor:advantechmodel:webaccess nodescope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccessscope:lteversion:<=8.3.1

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.2

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.3.3

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // BID: 105728 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14820
value: HIGH

Trust: 1.0

NVD: CVE-2018-14820
value: HIGH

Trust: 0.8

ZDI: CVE-2018-14820
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-21919
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-1189
value: HIGH

Trust: 0.6

IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-125018
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14820
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-14820
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-21919
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-125018
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14820
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // VULHUB: VHN-125018 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-73

Trust: 1.0

sources: VULHUB: VHN-125018 // JVNDB: JVNDB-2018-011086 // NVD: CVE-2018-14820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1189

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // CNNVD: CNNVD-201810-1189

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011086

PATCH

title:トップページurl:https://www.advantech.co.jp/

Trust: 0.8

title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01

Trust: 0.7

title:Advantech WebAccess patch for arbitrary file removal vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/143337

Trust: 0.6

title:Advantech WebAccess .dll Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86281

Trust: 0.6

sources: ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189

EXTERNAL IDS

db:NVDid:CVE-2018-14820

Trust: 4.3

db:ICS CERTid:ICSA-18-296-01

Trust: 3.4

db:BIDid:105728

Trust: 2.6

db:SECTRACKid:1041939

Trust: 1.7

db:CNNVDid:CNNVD-201810-1189

Trust: 0.9

db:CNVDid:CNVD-2018-21919

Trust: 0.8

db:JVNDBid:JVNDB-2018-011086

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6286

Trust: 0.7

db:ZDIid:ZDI-18-1299

Trust: 0.7

db:IVDid:E2FEA1C1-39AB-11E9-962F-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-125018

Trust: 0.1

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // VULHUB: VHN-125018 // BID: 105728 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01

Trust: 3.0

url:http://www.securityfocus.com/bid/105728

Trust: 1.7

url:http://www.securitytracker.com/id/1041939

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14820

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-14820

Trust: 0.8

url:http://webaccess.advantech.com

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01,

Trust: 0.1

sources: ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // VULHUB: VHN-125018 // BID: 105728 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.0

sources: ZDI: ZDI-18-1299 // BID: 105728

SOURCES

db:IVDid:e2fea1c1-39ab-11e9-962f-000c29342cb1
db:ZDIid:ZDI-18-1299
db:CNVDid:CNVD-2018-21919
db:VULHUBid:VHN-125018
db:BIDid:105728
db:JVNDBid:JVNDB-2018-011086
db:CNNVDid:CNNVD-201810-1189
db:NVDid:CVE-2018-14820

LAST UPDATE DATE

2024-08-14T14:32:56.278000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-1299date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-21919date:2018-10-26T00:00:00
db:VULHUBid:VHN-125018date:2019-10-09T00:00:00
db:BIDid:105728date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-011086date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-1189date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14820date:2023-11-07T02:53:02.187

SOURCES RELEASE DATE

db:IVDid:e2fea1c1-39ab-11e9-962f-000c29342cb1date:2018-10-26T00:00:00
db:ZDIid:ZDI-18-1299date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-21919date:2018-10-26T00:00:00
db:VULHUBid:VHN-125018date:2018-10-23T00:00:00
db:BIDid:105728date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-011086date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-1189date:2018-10-24T00:00:00
db:NVDid:CVE-2018-14820date:2018-10-23T20:29:00.623