Details of VAR-201906-1025

ID

VAR-201906-1025

CVE

CVE-2019-10985

TITLE

Advantech WebAccess/SCADA Path traversal vulnerability

Trust: 1.4

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // CNVD: CNVD-2019-32476 // CNNVD: CNNVD-201906-1074

DESCRIPTION

In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. WebAccess/SCADA Contains a path traversal vulnerability.Information may be tampered with. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable

Trust: 3.33

sources: NVD: CVE-2019-10985 // JVNDB: JVNDB-2019-005816 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // BID: 108923 // IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // VULHUB: VHN-142586

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // CNVD: CNVD-2019-32476

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.5	Trust: 1.8
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess/scada	scope:	lte	version:	<=8.3.5	Trust: 0.6
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.5	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.4	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.2	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.1	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.0	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	7.2	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	ne	version:	8.4.1	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // BID: 108923 // JVNDB: JVNDB-2019-005816 // NVD: CVE-2019-10985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10985
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-10985
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-10985
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2019-32476
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-1074
value:	CRITICAL
Trust: 0.6
IVD:	ca331763-0568-4e00-aca9-d10db9f939d6
value:	HIGH
Trust: 0.2
VULHUB:	VHN-142586
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10985
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-32476
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ca331763-0568-4e00-aca9-d10db9f939d6
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-142586
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10985
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10985
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2019-10985
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // VULHUB: VHN-142586 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074 // NVD: CVE-2019-10985

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-142586 // JVNDB: JVNDB-2019-005816 // NVD: CVE-2019-10985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1074

TYPE

Path traversal

Trust: 0.8

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // CNNVD: CNNVD-201906-1074

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005816

PATCH

title:	Advantech WebAccess	url:	https://www.advantech.co.jp/industrial-automation/webaccess	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 0.7
title:	Patch for Advantech WebAccess/SCADA Path Traversal Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/181493	Trust: 0.6
title:	Advantech WebAccess/SCADA Repair measures for path traversal vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=94177	Trust: 0.6

sources: ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10985	Trust: 4.3
db:	ZDI	id:	ZDI-19-622	Trust: 3.0
db:	ICS CERT	id:	ICSA-19-178-05	Trust: 2.8
db:	CNNVD	id:	CNNVD-201906-1074	Trust: 0.9
db:	BID	id:	108923	Trust: 0.9
db:	CNVD	id:	CNVD-2019-32476	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005816	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8194	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2350	Trust: 0.6
db:	IVD	id:	CA331763-0568-4E00-ACA9-D10DB9F939D6	Trust: 0.2
db:	VULHUB	id:	VHN-142586	Trust: 0.1

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // VULHUB: VHN-142586 // BID: 108923 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074 // NVD: CVE-2019-10985

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 3.5
url:	https://www.zerodayinitiative.com/advisories/zdi-19-622/	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10985	Trust: 1.4
url:	http://webaccess.advantech.com	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10985	Trust: 0.8
url:	https://www.securityfocus.com/bid/108923	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2350/	Trust: 0.6

sources: ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // VULHUB: VHN-142586 // BID: 108923 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074 // NVD: CVE-2019-10985

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-622

SOURCES

db:	IVD	id:	ca331763-0568-4e00-aca9-d10db9f939d6
db:	ZDI	id:	ZDI-19-622
db:	CNVD	id:	CNVD-2019-32476
db:	VULHUB	id:	VHN-142586
db:	BID	id:	108923
db:	JVNDB	id:	JVNDB-2019-005816
db:	CNNVD	id:	CNNVD-201906-1074
db:	NVD	id:	CVE-2019-10985

LAST UPDATE DATE

2024-08-14T14:12:21.033000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-622	date:	2019-07-02T00:00:00
db:	CNVD	id:	CNVD-2019-32476	date:	2019-09-21T00:00:00
db:	VULHUB	id:	VHN-142586	date:	2023-03-02T00:00:00
db:	BID	id:	108923	date:	2019-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-005816	date:	2019-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201906-1074	date:	2023-03-03T00:00:00
db:	NVD	id:	CVE-2019-10985	date:	2023-03-02T16:00:33.853

SOURCES RELEASE DATE

db:	IVD	id:	ca331763-0568-4e00-aca9-d10db9f939d6	date:	2019-09-21T00:00:00
db:	ZDI	id:	ZDI-19-622	date:	2019-07-02T00:00:00
db:	CNVD	id:	CNVD-2019-32476	date:	2019-09-21T00:00:00
db:	VULHUB	id:	VHN-142586	date:	2019-06-28T00:00:00
db:	BID	id:	108923	date:	2019-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-005816	date:	2019-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201906-1074	date:	2019-06-27T00:00:00
db:	NVD	id:	CVE-2019-10985	date:	2019-06-28T21:15:11.117