ID

VAR-201906-1024


CVE

CVE-2019-10983


TITLE

WebAccess/SCADA Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2019-005817

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within viewsrv.dll, which is accessed through the 0x2722 IOCTL in the webvrpcs process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA 8.3.5 and earlier that could allow an attacker to cause a buffer overflow or heap overflow. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in the execution of wrong data to other associated memory locations. read and write operations

Trust: 3.33

sources: NVD: CVE-2019-10983 // JVNDB: JVNDB-2019-005817 // ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // BID: 108923 // IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // VULHUB: VHN-142584

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // CNVD: CNVD-2019-32477

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // BID: 108923 // JVNDB: JVNDB-2019-005817 // NVD: CVE-2019-10983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10983
value: HIGH

Trust: 1.0

NVD: CVE-2019-10983
value: HIGH

Trust: 0.8

ZDI: CVE-2019-10983
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2019-32477
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-1073
value: HIGH

Trust: 0.6

IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75
value: HIGH

Trust: 0.2

VULHUB: VHN-142584
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10983
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32477
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142584
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10983
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10983
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-10983
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // VULHUB: VHN-142584 // JVNDB: JVNDB-2019-005817 // CNNVD: CNNVD-201906-1073 // NVD: CVE-2019-10983

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-142584 // JVNDB: JVNDB-2019-005817 // NVD: CVE-2019-10983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1073

TYPE

Buffer error

Trust: 0.8

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // CNNVD: CNNVD-201906-1073

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005817

PATCH

title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 0.7

title:Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32477)url:https://www.cnvd.org.cn/patchInfo/show/181489

Trust: 0.6

title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94176

Trust: 0.6

sources: ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // JVNDB: JVNDB-2019-005817 // CNNVD: CNNVD-201906-1073

EXTERNAL IDS

db:NVDid:CVE-2019-10983

Trust: 4.3

db:ICS CERTid:ICSA-19-178-05

Trust: 2.8

db:ZDIid:ZDI-19-621

Trust: 2.4

db:BIDid:108923

Trust: 1.5

db:CNNVDid:CNNVD-201906-1073

Trust: 0.9

db:CNVDid:CNVD-2019-32477

Trust: 0.8

db:JVNDBid:JVNDB-2019-005817

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-8193

Trust: 0.7

db:AUSCERTid:ESB-2019.2350

Trust: 0.6

db:IVDid:5F89DA07-DAA5-4005-B08F-ACEC3E1B8E75

Trust: 0.2

db:VULHUBid:VHN-142584

Trust: 0.1

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // VULHUB: VHN-142584 // BID: 108923 // JVNDB: JVNDB-2019-005817 // CNNVD: CNNVD-201906-1073 // NVD: CVE-2019-10983

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 3.5

url:https://www.zerodayinitiative.com/advisories/zdi-19-621/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-10983

Trust: 1.4

url:http://www.securityfocus.com/bid/108923

Trust: 1.2

url:http://webaccess.advantech.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10983

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2350/

Trust: 0.6

sources: ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // VULHUB: VHN-142584 // BID: 108923 // JVNDB: JVNDB-2019-005817 // CNNVD: CNNVD-201906-1073 // NVD: CVE-2019-10983

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-621

SOURCES

db:IVDid:5f89da07-daa5-4005-b08f-acec3e1b8e75
db:ZDIid:ZDI-19-621
db:CNVDid:CNVD-2019-32477
db:VULHUBid:VHN-142584
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005817
db:CNNVDid:CNNVD-201906-1073
db:NVDid:CVE-2019-10983

LAST UPDATE DATE

2024-08-14T14:12:21.174000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-621date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32477date:2019-09-21T00:00:00
db:VULHUBid:VHN-142584date:2019-07-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005817date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1073date:2019-07-03T00:00:00
db:NVDid:CVE-2019-10983date:2023-03-24T18:07:42.963

SOURCES RELEASE DATE

db:IVDid:5f89da07-daa5-4005-b08f-acec3e1b8e75date:2019-09-21T00:00:00
db:ZDIid:ZDI-19-621date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32477date:2019-09-21T00:00:00
db:VULHUBid:VHN-142584date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005817date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1073date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10983date:2019-06-28T21:15:11.057