ID

VAR-201906-1028


CVE

CVE-2019-10991


TITLE

WebAccess/SCADA Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005813

DESCRIPTION

In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x271C IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable

Trust: 7.11

sources: NVD: CVE-2019-10991 // JVNDB: JVNDB-2019-005813 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // BID: 108923 // IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // VULHUB: VHN-142593

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // CNVD: CNVD-2019-32472

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope: - version: -

Trust: 4.9

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // BID: 108923 // JVNDB: JVNDB-2019-005813 // NVD: CVE-2019-10991

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-10991
value: CRITICAL

Trust: 4.9

nvd@nist.gov: CVE-2019-10991
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10991
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-32472
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-1075
value: CRITICAL

Trust: 0.6

IVD: 917426ff-7065-403b-bd4d-431e7d3751d4
value: CRITICAL

Trust: 0.2

VULHUB: VHN-142593
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10991
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32472
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 917426ff-7065-403b-bd4d-431e7d3751d4
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142593
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-10991
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 4.9

nvd@nist.gov: CVE-2019-10991
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10991
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // VULHUB: VHN-142593 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075 // NVD: CVE-2019-10991

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-142593 // JVNDB: JVNDB-2019-005813 // NVD: CVE-2019-10991

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1075

TYPE

Buffer error

Trust: 0.8

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // CNNVD: CNNVD-201906-1075

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005813

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 4.9

title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title:Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32472)url:https://www.cnvd.org.cn/patchInfo/show/181485

Trust: 0.6

title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94178

Trust: 0.6

sources: ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075

EXTERNAL IDS

db:NVDid:CVE-2019-10991

Trust: 8.5

db:ICS CERTid:ICSA-19-178-05

Trust: 2.8

db:ZDIid:ZDI-19-620

Trust: 2.4

db:ZDIid:ZDI-19-586

Trust: 2.4

db:ZDIid:ZDI-19-588

Trust: 2.4

db:ZDIid:ZDI-19-589

Trust: 2.4

db:ZDIid:ZDI-19-592

Trust: 2.4

db:ZDIid:ZDI-19-594

Trust: 2.4

db:ZDIid:ZDI-19-619

Trust: 2.4

db:CNNVDid:CNNVD-201906-1075

Trust: 0.9

db:BIDid:108923

Trust: 0.9

db:CNVDid:CNVD-2019-32472

Trust: 0.8

db:JVNDBid:JVNDB-2019-005813

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-8191

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7951

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8063

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8064

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7906

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8117

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8189

Trust: 0.7

db:AUSCERTid:ESB-2019.2350

Trust: 0.6

db:IVDid:917426FF-7065-403B-BD4D-431E7D3751D4

Trust: 0.2

db:VULHUBid:VHN-142593

Trust: 0.1

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // VULHUB: VHN-142593 // BID: 108923 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075 // NVD: CVE-2019-10991

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 7.7

url:https://www.zerodayinitiative.com/advisories/zdi-19-620/

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10991

Trust: 2.0

url:https://www.zerodayinitiative.com/advisories/zdi-19-586/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-19-588/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-19-589/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-19-592/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-19-594/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-19-619/

Trust: 1.7

url:http://webaccess.advantech.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10991

Trust: 0.8

url:https://www.securityfocus.com/bid/108923

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2350/

Trust: 0.6

sources: ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // VULHUB: VHN-142593 // BID: 108923 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075 // NVD: CVE-2019-10991

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 3.5

sources: ZDI: ZDI-19-620 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-619

SOURCES

db:IVDid:917426ff-7065-403b-bd4d-431e7d3751d4
db:ZDIid:ZDI-19-620
db:ZDIid:ZDI-19-586
db:ZDIid:ZDI-19-588
db:ZDIid:ZDI-19-589
db:ZDIid:ZDI-19-592
db:ZDIid:ZDI-19-594
db:ZDIid:ZDI-19-619
db:CNVDid:CNVD-2019-32472
db:VULHUBid:VHN-142593
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005813
db:CNNVDid:CNNVD-201906-1075
db:NVDid:CVE-2019-10991

LAST UPDATE DATE

2024-08-14T14:12:21.092000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-620date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-586date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-588date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-589date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-592date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-594date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-619date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32472date:2019-09-21T00:00:00
db:VULHUBid:VHN-142593date:2023-03-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005813date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1075date:2020-08-25T00:00:00
db:NVDid:CVE-2019-10991date:2023-03-02T15:58:31.983

SOURCES RELEASE DATE

db:IVDid:917426ff-7065-403b-bd4d-431e7d3751d4date:2019-09-21T00:00:00
db:ZDIid:ZDI-19-620date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-586date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-588date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-589date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-592date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-594date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-619date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32472date:2019-09-21T00:00:00
db:VULHUBid:VHN-142593date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005813date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1075date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10991date:2019-06-28T21:15:11.307