Details of VAR-201904-0181

ID

VAR-201904-0181

CVE

CVE-2019-6550

TITLE

Advantech WebAccess/SCADA Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-003121 // CNNVD: CNNVD-201904-089

DESCRIPTION

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclrptw.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple command-injection vulnerabilities 2. A denial-of-service vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities An attacker can exploit these issues to inject and execute arbitrary commands in the context of the application. Failed exploit attempts will result in denial-of-service conditions

Trust: 10.89

sources: NVD: CVE-2019-6550 // JVNDB: JVNDB-2019-003121 // ZDI: ZDI-19-312 // ZDI: ZDI-19-323 // ZDI: ZDI-19-314 // ZDI: ZDI-19-585 // ZDI: ZDI-19-315 // ZDI: ZDI-19-322 // ZDI: ZDI-19-321 // ZDI: ZDI-19-320 // ZDI: ZDI-19-316 // ZDI: ZDI-19-313 // ZDI: ZDI-19-325 // ZDI: ZDI-19-329 // ZDI: ZDI-19-311 // CNVD: CNVD-2019-08948 // BID: 107675 // IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // VULMON: CVE-2019-6550

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // CNVD: CNVD-2019-08948

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 9.1
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.5	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3.5 and less	Trust: 0.8
vendor:	advantech	model:	webaccess/scada	scope:	lte	version:	<=8.3.5	Trust: 0.6
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.5	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.4	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.2	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	ne	version:	8.4	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-320 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-315 // ZDI: ZDI-19-585 // ZDI: ZDI-19-314 // ZDI: ZDI-19-323 // CNVD: CNVD-2019-08948 // BID: 107675 // JVNDB: JVNDB-2019-003121 // NVD: CVE-2019-6550

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-6550
value:	CRITICAL
Trust: 9.1
nvd@nist.gov:	CVE-2019-6550
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-6550
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-08948
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201904-089
value:	CRITICAL
Trust: 0.6
IVD:	4d85a7a9-a091-4c59-84e6-73c8b6639498
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2019-6550
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-6550
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-08948
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	4d85a7a9-a091-4c59-84e6-73c8b6639498
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

ZDI:	CVE-2019-6550
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 9.1
nvd@nist.gov:	CVE-2019-6550
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6550
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-320 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-315 // ZDI: ZDI-19-585 // ZDI: ZDI-19-314 // ZDI: ZDI-19-323 // CNVD: CNVD-2019-08948 // VULMON: CVE-2019-6550 // JVNDB: JVNDB-2019-003121 // CNNVD: CNNVD-201904-089 // NVD: CVE-2019-6550

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2019-003121 // NVD: CVE-2019-6550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-089

TYPE

Buffer error

Trust: 0.8

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // CNNVD: CNNVD-201904-089

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003121

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-091-01	Trust: 4.9
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01	Trust: 3.5
title:	Advantech WebAccess	url:	https://www.advantech.co.jp/industrial-automation/webaccess	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/ICSA-19-092-01	Trust: 0.7
title:	Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/157945	Trust: 0.6
title:	Advantech WebAccess/SCADA Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91013	Trust: 0.6

sources: ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-320 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-315 // ZDI: ZDI-19-585 // ZDI: ZDI-19-314 // ZDI: ZDI-19-323 // CNVD: CNVD-2019-08948 // JVNDB: JVNDB-2019-003121 // CNNVD: CNNVD-201904-089

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6550	Trust: 12.7
db:	ICS CERT	id:	ICSA-19-092-01	Trust: 3.4
db:	ZDI	id:	ZDI-19-585	Trust: 2.4
db:	BID	id:	107675	Trust: 1.0
db:	CNVD	id:	CNVD-2019-08948	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-089	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-003121	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7914	Trust: 0.7
db:	ZDI	id:	ZDI-19-322	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7899	Trust: 0.7
db:	ZDI	id:	ZDI-19-311	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7924	Trust: 0.7
db:	ZDI	id:	ZDI-19-329	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7927	Trust: 0.7
db:	ZDI	id:	ZDI-19-325	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7901	Trust: 0.7
db:	ZDI	id:	ZDI-19-313	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7904	Trust: 0.7
db:	ZDI	id:	ZDI-19-316	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7913	Trust: 0.7
db:	ZDI	id:	ZDI-19-320	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7900	Trust: 0.7
db:	ZDI	id:	ZDI-19-312	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7920	Trust: 0.7
db:	ZDI	id:	ZDI-19-321	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7903	Trust: 0.7
db:	ZDI	id:	ZDI-19-315	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7911	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7902	Trust: 0.7
db:	ZDI	id:	ZDI-19-314	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7925	Trust: 0.7
db:	ZDI	id:	ZDI-19-323	Trust: 0.7
db:	ZDI	id:	ZDI-19-330	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1113	Trust: 0.6
db:	IVD	id:	4D85A7A9-A091-4C59-84E6-73C8B6639498	Trust: 0.2
db:	VULMON	id:	CVE-2019-6550	Trust: 0.1

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-320 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-315 // ZDI: ZDI-19-585 // ZDI: ZDI-19-314 // ZDI: ZDI-19-323 // CNVD: CNVD-2019-08948 // VULMON: CVE-2019-6550 // BID: 107675 // JVNDB: JVNDB-2019-003121 // CNNVD: CNNVD-201904-089 // NVD: CVE-2019-6550

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-092-01	Trust: 7.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-091-01	Trust: 4.9
url:	https://www.zerodayinitiative.com/advisories/zdi-19-585/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6550	Trust: 1.4
url:	http://www.securityfocus.com/bid/107675	Trust: 1.3
url:	https://www.advantech.com/	Trust: 0.9
url:	https://support.advantech.com/support/downloadsrdetail_new.aspx?sr_id=1-ms9mjv&doc_source=download	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6550	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-092-01	Trust: 0.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-330/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78318	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-320 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-315 // ZDI: ZDI-19-585 // ZDI: ZDI-19-314 // ZDI: ZDI-19-323 // CNVD: CNVD-2019-08948 // VULMON: CVE-2019-6550 // BID: 107675 // JVNDB: JVNDB-2019-003121 // CNNVD: CNNVD-201904-089 // NVD: CVE-2019-6550

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 8.4

SOURCES

db:	IVD	id:	4d85a7a9-a091-4c59-84e6-73c8b6639498
db:	ZDI	id:	ZDI-19-322
db:	ZDI	id:	ZDI-19-311
db:	ZDI	id:	ZDI-19-329
db:	ZDI	id:	ZDI-19-325
db:	ZDI	id:	ZDI-19-313
db:	ZDI	id:	ZDI-19-316
db:	ZDI	id:	ZDI-19-320
db:	ZDI	id:	ZDI-19-312
db:	ZDI	id:	ZDI-19-321
db:	ZDI	id:	ZDI-19-315
db:	ZDI	id:	ZDI-19-585
db:	ZDI	id:	ZDI-19-314
db:	ZDI	id:	ZDI-19-323
db:	CNVD	id:	CNVD-2019-08948
db:	VULMON	id:	CVE-2019-6550
db:	BID	id:	107675
db:	JVNDB	id:	JVNDB-2019-003121
db:	CNNVD	id:	CNNVD-201904-089
db:	NVD	id:	CVE-2019-6550

LAST UPDATE DATE

2024-11-20T22:34:56.035000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-322	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-311	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-329	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-325	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-313	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-316	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-320	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-312	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-321	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-315	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-585	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-314	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-323	date:	2019-04-02T00:00:00
db:	CNVD	id:	CNVD-2019-08948	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2019-6550	date:	2020-10-06T00:00:00
db:	BID	id:	107675	date:	2019-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-003121	date:	2019-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201904-089	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-6550	date:	2020-10-06T14:02:16.967

SOURCES RELEASE DATE

db:	IVD	id:	4d85a7a9-a091-4c59-84e6-73c8b6639498	date:	2019-04-03T00:00:00
db:	ZDI	id:	ZDI-19-322	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-311	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-329	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-325	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-313	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-316	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-320	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-312	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-321	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-315	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-585	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-314	date:	2019-04-02T00:00:00
db:	ZDI	id:	ZDI-19-323	date:	2019-04-02T00:00:00
db:	CNVD	id:	CNVD-2019-08948	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2019-6550	date:	2019-04-05T00:00:00
db:	BID	id:	107675	date:	2019-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-003121	date:	2019-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201904-089	date:	2019-04-02T00:00:00
db:	NVD	id:	CVE-2019-6550	date:	2019-04-05T19:29:00.310