Sign-up

ID

VAR-201904-0181


CVE

CVE-2019-6550


TITLE

Advantech WebAccess/SCADA Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // CNVD: CNVD-2019-08948

DESCRIPTION

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwmakdir.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA

Trust: 10.53

sources: NVD: CVE-2019-6550 // ZDI: ZDI-19-320 // ZDI: ZDI-19-327 // ZDI: ZDI-19-585 // ZDI: ZDI-19-330 // ZDI: ZDI-19-321 // ZDI: ZDI-19-312 // ZDI: ZDI-19-322 // ZDI: ZDI-19-310 // ZDI: ZDI-19-317 // ZDI: ZDI-19-316 // ZDI: ZDI-19-313 // ZDI: ZDI-19-325 // ZDI: ZDI-19-329 // ZDI: ZDI-19-311 // CNVD: CNVD-2019-08948 // IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // VULMON: CVE-2019-6550

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // CNVD: CNVD-2019-08948

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope: - version: -

Trust: 9.8

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.0

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-317 // ZDI: ZDI-19-320 // ZDI: ZDI-19-310 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-330 // ZDI: ZDI-19-585 // ZDI: ZDI-19-327 // CNVD: CNVD-2019-08948 // NVD: CVE-2019-6550

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-6550
value: CRITICAL

Trust: 9.8

nvd@nist.gov: CVE-2019-6550
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2019-08948
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-089
value: CRITICAL

Trust: 0.6

IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498
value: CRITICAL

Trust: 0.2

VULMON: CVE-2019-6550
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6550
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2019-08948
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

ZDI: CVE-2019-6550
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 9.8

nvd@nist.gov: CVE-2019-6550
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-317 // ZDI: ZDI-19-320 // ZDI: ZDI-19-310 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-330 // ZDI: ZDI-19-585 // ZDI: ZDI-19-327 // CNVD: CNVD-2019-08948 // VULMON: CVE-2019-6550 // CNNVD: CNNVD-201904-089 // NVD: CVE-2019-6550

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2019-6550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-089

TYPE

Buffer error

Trust: 0.8

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // CNNVD: CNNVD-201904-089

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-091-01

Trust: 4.9

title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01

Trust: 4.2

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/ICSA-19-092-01

Trust: 0.7

title:Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/157945

Trust: 0.6

title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91013

Trust: 0.6

sources: ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-317 // ZDI: ZDI-19-320 // ZDI: ZDI-19-310 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-330 // ZDI: ZDI-19-585 // ZDI: ZDI-19-327 // CNVD: CNVD-2019-08948 // CNNVD: CNNVD-201904-089

EXTERNAL IDS

db:NVDid:CVE-2019-6550

Trust: 12.3

db:ZDIid:ZDI-19-585

Trust: 2.4

db:ICS CERTid:ICSA-19-092-01

Trust: 2.3

db:ZDIid:ZDI-19-330

Trust: 1.3

db:CNVDid:CNVD-2019-08948

Trust: 0.8

db:CNNVDid:CNNVD-201904-089

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-7914

Trust: 0.7

db:ZDIid:ZDI-19-322

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7899

Trust: 0.7

db:ZDIid:ZDI-19-311

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7924

Trust: 0.7

db:ZDIid:ZDI-19-329

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7927

Trust: 0.7

db:ZDIid:ZDI-19-325

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7901

Trust: 0.7

db:ZDIid:ZDI-19-313

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7904

Trust: 0.7

db:ZDIid:ZDI-19-316

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7905

Trust: 0.7

db:ZDIid:ZDI-19-317

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7913

Trust: 0.7

db:ZDIid:ZDI-19-320

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7898

Trust: 0.7

db:ZDIid:ZDI-19-310

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7900

Trust: 0.7

db:ZDIid:ZDI-19-312

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7920

Trust: 0.7

db:ZDIid:ZDI-19-321

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7930

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7911

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7881

Trust: 0.7

db:ZDIid:ZDI-19-327

Trust: 0.7

db:BIDid:107675

Trust: 0.7

db:AUSCERTid:ESB-2019.1113

Trust: 0.6

db:IVDid:4D85A7A9-A091-4C59-84E6-73C8B6639498

Trust: 0.2

db:VULMONid:CVE-2019-6550

Trust: 0.1

sources: IVD: 4d85a7a9-a091-4c59-84e6-73c8b6639498 // ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-317 // ZDI: ZDI-19-320 // ZDI: ZDI-19-310 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-330 // ZDI: ZDI-19-585 // ZDI: ZDI-19-327 // CNVD: CNVD-2019-08948 // VULMON: CVE-2019-6550 // CNNVD: CNNVD-201904-089 // NVD: CVE-2019-6550

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-092-01

Trust: 6.6

url:https://ics-cert.us-cert.gov/advisories/icsa-19-091-01

Trust: 4.9

url:https://www.zerodayinitiative.com/advisories/zdi-19-585/

Trust: 1.7

url:http://www.securityfocus.com/bid/107675

Trust: 1.3

url:https://www.us-cert.gov/ics/advisories/icsa-19-092-01

Trust: 0.7

url:https://support.advantech.com/support/downloadsrdetail_new.aspx?sr_id=1-ms9mjv&doc_source=download

Trust: 0.6

url:https://www.advantech.com/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-6550

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-19-330/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78318

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-317 // ZDI: ZDI-19-320 // ZDI: ZDI-19-310 // ZDI: ZDI-19-312 // ZDI: ZDI-19-321 // ZDI: ZDI-19-330 // ZDI: ZDI-19-585 // ZDI: ZDI-19-327 // CNVD: CNVD-2019-08948 // VULMON: CVE-2019-6550 // CNNVD: CNNVD-201904-089 // NVD: CVE-2019-6550

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 9.1

sources: ZDI: ZDI-19-322 // ZDI: ZDI-19-311 // ZDI: ZDI-19-329 // ZDI: ZDI-19-325 // ZDI: ZDI-19-313 // ZDI: ZDI-19-316 // ZDI: ZDI-19-317 // ZDI: ZDI-19-320 // ZDI: ZDI-19-310 // ZDI: ZDI-19-312 // ZDI: ZDI-19-330 // ZDI: ZDI-19-585 // ZDI: ZDI-19-327

SOURCES

db:IVDid:4d85a7a9-a091-4c59-84e6-73c8b6639498
db:ZDIid:ZDI-19-322
db:ZDIid:ZDI-19-311
db:ZDIid:ZDI-19-329
db:ZDIid:ZDI-19-325
db:ZDIid:ZDI-19-313
db:ZDIid:ZDI-19-316
db:ZDIid:ZDI-19-317
db:ZDIid:ZDI-19-320
db:ZDIid:ZDI-19-310
db:ZDIid:ZDI-19-312
db:ZDIid:ZDI-19-321
db:ZDIid:ZDI-19-330
db:ZDIid:ZDI-19-585
db:ZDIid:ZDI-19-327
db:CNVDid:CNVD-2019-08948
db:VULMONid:CVE-2019-6550
db:CNNVDid:CNNVD-201904-089
db:NVDid:CVE-2019-6550

LAST UPDATE DATE

2025-01-03T22:56:08.933000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-322date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-311date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-329date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-325date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-313date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-316date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-317date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-320date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-310date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-312date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-321date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-330date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-585date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-327date:2019-04-02T00:00:00
db:CNVDid:CNVD-2019-08948date:2019-04-03T00:00:00
db:VULMONid:CVE-2019-6550date:2020-10-06T00:00:00
db:CNNVDid:CNNVD-201904-089date:2020-10-09T00:00:00
db:NVDid:CVE-2019-6550date:2024-11-21T04:46:40.660

SOURCES RELEASE DATE

db:IVDid:4d85a7a9-a091-4c59-84e6-73c8b6639498date:2019-04-03T00:00:00
db:ZDIid:ZDI-19-322date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-311date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-329date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-325date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-313date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-316date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-317date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-320date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-310date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-312date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-321date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-330date:2019-04-02T00:00:00
db:ZDIid:ZDI-19-585date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-327date:2019-04-02T00:00:00
db:CNVDid:CNVD-2019-08948date:2019-04-03T00:00:00
db:VULMONid:CVE-2019-6550date:2019-04-05T00:00:00
db:CNNVDid:CNNVD-201904-089date:2019-04-02T00:00:00
db:NVDid:CVE-2019-6550date:2019-04-05T19:29:00.310