Details of VAR-201810-0398

ID

VAR-201810-0398

CVE

CVE-2018-14820

TITLE

Advantech WebAccess Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011086

DESCRIPTION

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Advantech WebAccess Contains an input validation vulnerability.Information may be tampered with. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to delete files under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. .dll is one of the dynamic link library components. A security vulnerability exists in the .dll component of Advantech WebAccess 8.3.1 and earlier. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable

Trust: 3.33

sources: NVD: CVE-2018-14820 // JVNDB: JVNDB-2018-011086 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // BID: 105728 // IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // VULHUB: VHN-125018

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // CNVD: CNVD-2018-21919

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.1	Trust: 1.8
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3.1	Trust: 0.9
vendor:	advantech	model:	webaccess node	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess	scope:	lte	version:	<=8.3.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.3.3	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // BID: 105728 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14820
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-14820
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-14820
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-21919
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201810-1189
value:	HIGH
Trust: 0.6
IVD:	e2fea1c1-39ab-11e9-962f-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-125018
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-14820
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2018-14820
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-21919
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fea1c1-39ab-11e9-962f-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-125018
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14820
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // VULHUB: VHN-125018 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-73	Trust: 1.0

sources: VULHUB: VHN-125018 // JVNDB: JVNDB-2018-011086 // NVD: CVE-2018-14820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1189

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // CNNVD: CNNVD-201810-1189

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011086

PATCH

title:	トップページ	url:	https://www.advantech.co.jp/	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01	Trust: 0.7
title:	Advantech WebAccess patch for arbitrary file removal vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/143337	Trust: 0.6
title:	Advantech WebAccess .dll Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86281	Trust: 0.6

sources: ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14820	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-296-01	Trust: 3.4
db:	BID	id:	105728	Trust: 2.6
db:	SECTRACK	id:	1041939	Trust: 1.7
db:	CNNVD	id:	CNNVD-201810-1189	Trust: 0.9
db:	CNVD	id:	CNVD-2018-21919	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-011086	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6286	Trust: 0.7
db:	ZDI	id:	ZDI-18-1299	Trust: 0.7
db:	IVD	id:	E2FEA1C1-39AB-11E9-962F-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-125018	Trust: 0.1

sources: IVD: e2fea1c1-39ab-11e9-962f-000c29342cb1 // ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // VULHUB: VHN-125018 // BID: 105728 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01	Trust: 3.0
url:	http://www.securityfocus.com/bid/105728	Trust: 1.7
url:	http://www.securitytracker.com/id/1041939	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14820	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14820	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01,	Trust: 0.1

sources: ZDI: ZDI-18-1299 // CNVD: CNVD-2018-21919 // VULHUB: VHN-125018 // BID: 105728 // JVNDB: JVNDB-2018-011086 // CNNVD: CNNVD-201810-1189 // NVD: CVE-2018-14820

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.0

sources: ZDI: ZDI-18-1299 // BID: 105728

SOURCES

db:	IVD	id:	e2fea1c1-39ab-11e9-962f-000c29342cb1
db:	ZDI	id:	ZDI-18-1299
db:	CNVD	id:	CNVD-2018-21919
db:	VULHUB	id:	VHN-125018
db:	BID	id:	105728
db:	JVNDB	id:	JVNDB-2018-011086
db:	CNNVD	id:	CNNVD-201810-1189
db:	NVD	id:	CVE-2018-14820

LAST UPDATE DATE

2024-08-14T14:32:56.278000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1299	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21919	date:	2018-10-26T00:00:00
db:	VULHUB	id:	VHN-125018	date:	2019-10-09T00:00:00
db:	BID	id:	105728	date:	2018-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-011086	date:	2019-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201810-1189	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-14820	date:	2023-11-07T02:53:02.187

SOURCES RELEASE DATE

db:	IVD	id:	e2fea1c1-39ab-11e9-962f-000c29342cb1	date:	2018-10-26T00:00:00
db:	ZDI	id:	ZDI-18-1299	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21919	date:	2018-10-26T00:00:00
db:	VULHUB	id:	VHN-125018	date:	2018-10-23T00:00:00
db:	BID	id:	105728	date:	2018-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-011086	date:	2019-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201810-1189	date:	2018-10-24T00:00:00
db:	NVD	id:	CVE-2018-14820	date:	2018-10-23T20:29:00.623