Sign-up

ID

VAR-201906-1026


CVE

CVE-2019-10987


TITLE

WebAccess/SCADA Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-005815

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwdraw.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. The vulnerability stems from the fact that the program does not correctly verify the length of the data provided by the user

Trust: 3.96

sources: NVD: CVE-2019-10987 // JVNDB: JVNDB-2019-005815 // ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // BID: 108923 // IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // VULHUB: VHN-142588

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // CNVD: CNVD-2019-32471

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 1.4

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // BID: 108923 // JVNDB: JVNDB-2019-005815 // NVD: CVE-2019-10987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10987
value: HIGH

Trust: 1.0

NVD: CVE-2019-10987
value: HIGH

Trust: 0.8

ZDI: CVE-2019-10987
value: HIGH

Trust: 0.7

ZDI: CVE-2019-10987
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2019-32471
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-1076
value: HIGH

Trust: 0.6

IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884
value: HIGH

Trust: 0.2

VULHUB: VHN-142588
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10987
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32471
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142588
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10987
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10987
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-10987
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

ZDI: CVE-2019-10987
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // VULHUB: VHN-142588 // JVNDB: JVNDB-2019-005815 // CNNVD: CNNVD-201906-1076 // NVD: CVE-2019-10987

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-142588 // JVNDB: JVNDB-2019-005815 // NVD: CVE-2019-10987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1076

TYPE

Buffer error

Trust: 0.8

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // CNNVD: CNNVD-201906-1076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005815

PATCH
title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05
Trust: 1.4
title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess
Trust: 0.8
title:Advantech WebAccess/SCADA patch for out-of-bounds write vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/181491
Trust: 0.6
title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94179
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-584 // 
            
            
            
            ZDI: ZDI-19-587 // 
            
            
            
            CNVD: CNVD-2019-32471 // 
            
            
            
            JVNDB: JVNDB-2019-005815 // 
            
            
            
            CNNVD: CNNVD-201906-1076

EXTERNAL IDS
db:NVDid:CVE-2019-10987
Trust: 5.0
db:ICS CERTid:ICSA-19-178-05
Trust: 2.8
db:ZDIid:ZDI-19-584
Trust: 2.4
db:ZDIid:ZDI-19-587
Trust: 2.4
db:BIDid:108923
Trust: 1.5
db:CNNVDid:CNNVD-201906-1076
Trust: 0.9
db:CNVDid:CNVD-2019-32471
Trust: 0.8
db:JVNDBid:JVNDB-2019-005815
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-7438
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-7952
Trust: 0.7
db:AUSCERTid:ESB-2019.2350
Trust: 0.6
db:IVDid:2AED5DF4-3281-48D2-B87E-B8691B4A4884
Trust: 0.2
db:VULHUBid:VHN-142588
Trust: 0.1
sources:
            
            
            IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // 
            
            
            
            ZDI: ZDI-19-584 // 
            
            
            
            ZDI: ZDI-19-587 // 
            
            
            
            CNVD: CNVD-2019-32471 // 
            
            
            
            VULHUB: VHN-142588 // 
            
            
            
            BID: 108923 // 
            
            
            
            JVNDB: JVNDB-2019-005815 // 
            
            
            
            CNNVD: CNNVD-201906-1076 // 
            
            
            
            NVD: CVE-2019-10987

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05
Trust: 4.2
url:https://www.zerodayinitiative.com/advisories/zdi-19-587/
Trust: 2.3
url:https://www.zerodayinitiative.com/advisories/zdi-19-584/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10987
Trust: 1.4
url:http://www.securityfocus.com/bid/108923
Trust: 1.2
url:http://webaccess.advantech.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10987
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2350/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-584 // 
            
            
            
            ZDI: ZDI-19-587 // 
            
            
            
            CNVD: CNVD-2019-32471 // 
            
            
            
            VULHUB: VHN-142588 // 
            
            
            
            BID: 108923 // 
            
            
            
            JVNDB: JVNDB-2019-005815 // 
            
            
            
            CNNVD: CNNVD-201906-1076 // 
            
            
            
            NVD: CVE-2019-10987

CREDITS
Mat Powell of Trend Micro Zero Day Initiative
Trust: 0.7
sources:
            
            
            ZDI: ZDI-19-584

SOURCES
db:IVDid:2aed5df4-3281-48d2-b87e-b8691b4a4884
db:ZDIid:ZDI-19-584
db:ZDIid:ZDI-19-587
db:CNVDid:CNVD-2019-32471
db:VULHUBid:VHN-142588
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005815
db:CNNVDid:CNNVD-201906-1076
db:NVDid:CVE-2019-10987

LAST UPDATE DATE
2024-08-14T14:12:21.383000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-584date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-587date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32471date:2019-09-21T00:00:00
db:VULHUBid:VHN-142588date:2023-03-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005815date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1076date:2019-07-03T00:00:00
db:NVDid:CVE-2019-10987date:2023-03-02T15:58:56.510

SOURCES RELEASE DATE
db:IVDid:2aed5df4-3281-48d2-b87e-b8691b4a4884date:2019-09-21T00:00:00
db:ZDIid:ZDI-19-584date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-587date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32471date:2019-09-21T00:00:00
db:VULHUBid:VHN-142588date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005815date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1076date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10987date:2019-06-28T21:15:11.180