ID

VAR-201906-1026


CVE

CVE-2019-10987


TITLE

WebAccess/SCADA Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-005815

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwdraw.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. The vulnerability stems from the fact that the program does not correctly verify the length of the data provided by the user

Trust: 3.96

sources: NVD: CVE-2019-10987 // JVNDB: JVNDB-2019-005815 // ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // BID: 108923 // IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // VULHUB: VHN-142588

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // CNVD: CNVD-2019-32471

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 1.4

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // BID: 108923 // JVNDB: JVNDB-2019-005815 // NVD: CVE-2019-10987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10987
value: HIGH

Trust: 1.0

NVD: CVE-2019-10987
value: HIGH

Trust: 0.8

ZDI: CVE-2019-10987
value: HIGH

Trust: 0.7

ZDI: CVE-2019-10987
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2019-32471
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-1076
value: HIGH

Trust: 0.6

IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884
value: HIGH

Trust: 0.2

VULHUB: VHN-142588
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10987
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32471
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142588
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10987
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10987
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-10987
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

ZDI: CVE-2019-10987
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // VULHUB: VHN-142588 // JVNDB: JVNDB-2019-005815 // CNNVD: CNNVD-201906-1076 // NVD: CVE-2019-10987

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-142588 // JVNDB: JVNDB-2019-005815 // NVD: CVE-2019-10987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1076

TYPE

Buffer error

Trust: 0.8

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // CNNVD: CNNVD-201906-1076

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005815

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 1.4

title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title:Advantech WebAccess/SCADA patch for out-of-bounds write vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/181491

Trust: 0.6

title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94179

Trust: 0.6

sources: ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // JVNDB: JVNDB-2019-005815 // CNNVD: CNNVD-201906-1076

EXTERNAL IDS

db:NVDid:CVE-2019-10987

Trust: 5.0

db:ICS CERTid:ICSA-19-178-05

Trust: 2.8

db:ZDIid:ZDI-19-584

Trust: 2.4

db:ZDIid:ZDI-19-587

Trust: 2.4

db:BIDid:108923

Trust: 1.5

db:CNNVDid:CNNVD-201906-1076

Trust: 0.9

db:CNVDid:CNVD-2019-32471

Trust: 0.8

db:JVNDBid:JVNDB-2019-005815

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-7438

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7952

Trust: 0.7

db:AUSCERTid:ESB-2019.2350

Trust: 0.6

db:IVDid:2AED5DF4-3281-48D2-B87E-B8691B4A4884

Trust: 0.2

db:VULHUBid:VHN-142588

Trust: 0.1

sources: IVD: 2aed5df4-3281-48d2-b87e-b8691b4a4884 // ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // VULHUB: VHN-142588 // BID: 108923 // JVNDB: JVNDB-2019-005815 // CNNVD: CNNVD-201906-1076 // NVD: CVE-2019-10987

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 4.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-587/

Trust: 2.3

url:https://www.zerodayinitiative.com/advisories/zdi-19-584/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-10987

Trust: 1.4

url:http://www.securityfocus.com/bid/108923

Trust: 1.2

url:http://webaccess.advantech.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10987

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2350/

Trust: 0.6

sources: ZDI: ZDI-19-584 // ZDI: ZDI-19-587 // CNVD: CNVD-2019-32471 // VULHUB: VHN-142588 // BID: 108923 // JVNDB: JVNDB-2019-005815 // CNNVD: CNNVD-201906-1076 // NVD: CVE-2019-10987

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-584

SOURCES

db:IVDid:2aed5df4-3281-48d2-b87e-b8691b4a4884
db:ZDIid:ZDI-19-584
db:ZDIid:ZDI-19-587
db:CNVDid:CNVD-2019-32471
db:VULHUBid:VHN-142588
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005815
db:CNNVDid:CNNVD-201906-1076
db:NVDid:CVE-2019-10987

LAST UPDATE DATE

2024-08-14T14:12:21.383000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-584date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-587date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32471date:2019-09-21T00:00:00
db:VULHUBid:VHN-142588date:2023-03-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005815date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1076date:2019-07-03T00:00:00
db:NVDid:CVE-2019-10987date:2023-03-02T15:58:56.510

SOURCES RELEASE DATE

db:IVDid:2aed5df4-3281-48d2-b87e-b8691b4a4884date:2019-09-21T00:00:00
db:ZDIid:ZDI-19-584date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-587date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32471date:2019-09-21T00:00:00
db:VULHUBid:VHN-142588date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005815date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1076date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10987date:2019-06-28T21:15:11.180