Sign-up

ID

VAR-201906-1024


CVE

CVE-2019-10983


TITLE

WebAccess/SCADA Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2019-005817

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within viewsrv.dll, which is accessed through the 0x2722 IOCTL in the webvrpcs process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA 8.3.5 and earlier that could allow an attacker to cause a buffer overflow or heap overflow. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in the execution of wrong data to other associated memory locations. read and write operations

Trust: 3.33

sources: NVD: CVE-2019-10983 // JVNDB: JVNDB-2019-005817 // ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // BID: 108923 // IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // VULHUB: VHN-142584

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // CNVD: CNVD-2019-32477

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // BID: 108923 // JVNDB: JVNDB-2019-005817 // NVD: CVE-2019-10983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10983
value: HIGH

Trust: 1.0

NVD: CVE-2019-10983
value: HIGH

Trust: 0.8

ZDI: CVE-2019-10983
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2019-32477
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-1073
value: HIGH

Trust: 0.6

IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75
value: HIGH

Trust: 0.2

VULHUB: VHN-142584
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10983
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32477
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142584
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10983
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10983
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-10983
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // ZDI: ZDI-19-621 // CNVD: CNVD-2019-32477 // VULHUB: VHN-142584 // JVNDB: JVNDB-2019-005817 // CNNVD: CNNVD-201906-1073 // NVD: CVE-2019-10983

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-142584 // JVNDB: JVNDB-2019-005817 // NVD: CVE-2019-10983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1073

TYPE

Buffer error

Trust: 0.8

sources: IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // CNNVD: CNNVD-201906-1073

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005817

PATCH
title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess
Trust: 0.8
title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05
Trust: 0.7
title:Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32477)url:https://www.cnvd.org.cn/patchInfo/show/181489
Trust: 0.6
title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94176
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-621 // 
            
            
            
            CNVD: CNVD-2019-32477 // 
            
            
            
            JVNDB: JVNDB-2019-005817 // 
            
            
            
            CNNVD: CNNVD-201906-1073

EXTERNAL IDS
db:NVDid:CVE-2019-10983
Trust: 4.3
db:ICS CERTid:ICSA-19-178-05
Trust: 2.8
db:ZDIid:ZDI-19-621
Trust: 2.4
db:BIDid:108923
Trust: 1.5
db:CNNVDid:CNNVD-201906-1073
Trust: 0.9
db:CNVDid:CNVD-2019-32477
Trust: 0.8
db:JVNDBid:JVNDB-2019-005817
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-8193
Trust: 0.7
db:AUSCERTid:ESB-2019.2350
Trust: 0.6
db:IVDid:5F89DA07-DAA5-4005-B08F-ACEC3E1B8E75
Trust: 0.2
db:VULHUBid:VHN-142584
Trust: 0.1
sources:
            
            
            IVD: 5f89da07-daa5-4005-b08f-acec3e1b8e75 // 
            
            
            
            ZDI: ZDI-19-621 // 
            
            
            
            CNVD: CNVD-2019-32477 // 
            
            
            
            VULHUB: VHN-142584 // 
            
            
            
            BID: 108923 // 
            
            
            
            JVNDB: JVNDB-2019-005817 // 
            
            
            
            CNNVD: CNNVD-201906-1073 // 
            
            
            
            NVD: CVE-2019-10983

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05
Trust: 3.5
url:https://www.zerodayinitiative.com/advisories/zdi-19-621/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10983
Trust: 1.4
url:http://www.securityfocus.com/bid/108923
Trust: 1.2
url:http://webaccess.advantech.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10983
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2350/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-621 // 
            
            
            
            CNVD: CNVD-2019-32477 // 
            
            
            
            VULHUB: VHN-142584 // 
            
            
            
            BID: 108923 // 
            
            
            
            JVNDB: JVNDB-2019-005817 // 
            
            
            
            CNNVD: CNNVD-201906-1073 // 
            
            
            
            NVD: CVE-2019-10983

CREDITS
Mat Powell of Trend Micro Zero Day Initiative
Trust: 0.7
sources:
            
            
            ZDI: ZDI-19-621

SOURCES
db:IVDid:5f89da07-daa5-4005-b08f-acec3e1b8e75
db:ZDIid:ZDI-19-621
db:CNVDid:CNVD-2019-32477
db:VULHUBid:VHN-142584
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005817
db:CNNVDid:CNNVD-201906-1073
db:NVDid:CVE-2019-10983

LAST UPDATE DATE
2024-08-14T14:12:21.174000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-621date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32477date:2019-09-21T00:00:00
db:VULHUBid:VHN-142584date:2019-07-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005817date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1073date:2019-07-03T00:00:00
db:NVDid:CVE-2019-10983date:2023-03-24T18:07:42.963

SOURCES RELEASE DATE
db:IVDid:5f89da07-daa5-4005-b08f-acec3e1b8e75date:2019-09-21T00:00:00
db:ZDIid:ZDI-19-621date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32477date:2019-09-21T00:00:00
db:VULHUBid:VHN-142584date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005817date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1073date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10983date:2019-06-28T21:15:11.057