ID

VAR-201906-1025


CVE

CVE-2019-10985


TITLE

Advantech WebAccess/SCADA Path traversal vulnerability

Trust: 1.4

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // CNVD: CNVD-2019-32476 // CNNVD: CNNVD-201906-1074

DESCRIPTION

In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. WebAccess/SCADA Contains a path traversal vulnerability.Information may be tampered with. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable

Trust: 3.33

sources: NVD: CVE-2019-10985 // JVNDB: JVNDB-2019-005816 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // BID: 108923 // IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // VULHUB: VHN-142586

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // CNVD: CNVD-2019-32476

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // BID: 108923 // JVNDB: JVNDB-2019-005816 // NVD: CVE-2019-10985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10985
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10985
value: HIGH

Trust: 0.8

ZDI: CVE-2019-10985
value: HIGH

Trust: 0.7

CNVD: CNVD-2019-32476
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-1074
value: CRITICAL

Trust: 0.6

IVD: ca331763-0568-4e00-aca9-d10db9f939d6
value: HIGH

Trust: 0.2

VULHUB: VHN-142586
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10985
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32476
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ca331763-0568-4e00-aca9-d10db9f939d6
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142586
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10985
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-10985
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-10985
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // VULHUB: VHN-142586 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074 // NVD: CVE-2019-10985

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-142586 // JVNDB: JVNDB-2019-005816 // NVD: CVE-2019-10985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1074

TYPE

Path traversal

Trust: 0.8

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // CNNVD: CNNVD-201906-1074

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005816

PATCH

title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 0.7

title:Patch for Advantech WebAccess/SCADA Path Traversal Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/181493

Trust: 0.6

title:Advantech WebAccess/SCADA Repair measures for path traversal vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=94177

Trust: 0.6

sources: ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074

EXTERNAL IDS

db:NVDid:CVE-2019-10985

Trust: 4.3

db:ZDIid:ZDI-19-622

Trust: 3.0

db:ICS CERTid:ICSA-19-178-05

Trust: 2.8

db:CNNVDid:CNNVD-201906-1074

Trust: 0.9

db:BIDid:108923

Trust: 0.9

db:CNVDid:CNVD-2019-32476

Trust: 0.8

db:JVNDBid:JVNDB-2019-005816

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-8194

Trust: 0.7

db:AUSCERTid:ESB-2019.2350

Trust: 0.6

db:IVDid:CA331763-0568-4E00-ACA9-D10DB9F939D6

Trust: 0.2

db:VULHUBid:VHN-142586

Trust: 0.1

sources: IVD: ca331763-0568-4e00-aca9-d10db9f939d6 // ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // VULHUB: VHN-142586 // BID: 108923 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074 // NVD: CVE-2019-10985

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 3.5

url:https://www.zerodayinitiative.com/advisories/zdi-19-622/

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10985

Trust: 1.4

url:http://webaccess.advantech.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10985

Trust: 0.8

url:https://www.securityfocus.com/bid/108923

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2350/

Trust: 0.6

sources: ZDI: ZDI-19-622 // CNVD: CNVD-2019-32476 // VULHUB: VHN-142586 // BID: 108923 // JVNDB: JVNDB-2019-005816 // CNNVD: CNNVD-201906-1074 // NVD: CVE-2019-10985

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-622

SOURCES

db:IVDid:ca331763-0568-4e00-aca9-d10db9f939d6
db:ZDIid:ZDI-19-622
db:CNVDid:CNVD-2019-32476
db:VULHUBid:VHN-142586
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005816
db:CNNVDid:CNNVD-201906-1074
db:NVDid:CVE-2019-10985

LAST UPDATE DATE

2024-08-14T14:12:21.033000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-622date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32476date:2019-09-21T00:00:00
db:VULHUBid:VHN-142586date:2023-03-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005816date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1074date:2023-03-03T00:00:00
db:NVDid:CVE-2019-10985date:2023-03-02T16:00:33.853

SOURCES RELEASE DATE

db:IVDid:ca331763-0568-4e00-aca9-d10db9f939d6date:2019-09-21T00:00:00
db:ZDIid:ZDI-19-622date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32476date:2019-09-21T00:00:00
db:VULHUBid:VHN-142586date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005816date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1074date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10985date:2019-06-28T21:15:11.117