Details of VAR-201906-1028

ID

VAR-201906-1028

CVE

CVE-2019-10991

TITLE

WebAccess/SCADA Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005813

DESCRIPTION

In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x271C IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable

Trust: 7.11

sources: NVD: CVE-2019-10991 // JVNDB: JVNDB-2019-005813 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // BID: 108923 // IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // VULHUB: VHN-142593

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // CNVD: CNVD-2019-32472

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 4.9
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.5	Trust: 1.8
vendor:	advantech	model:	webaccess/scada	scope:	lte	version:	<=8.3.5	Trust: 0.6
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.5	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.4	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3.2	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.3	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.1	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.0	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	7.2	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	ne	version:	8.4.1	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // BID: 108923 // JVNDB: JVNDB-2019-005813 // NVD: CVE-2019-10991

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-10991
value:	CRITICAL
Trust: 4.9
nvd@nist.gov:	CVE-2019-10991
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-10991
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-32472
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201906-1075
value:	CRITICAL
Trust: 0.6
IVD:	917426ff-7065-403b-bd4d-431e7d3751d4
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-142593
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-10991
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-32472
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	917426ff-7065-403b-bd4d-431e7d3751d4
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-142593
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2019-10991
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 4.9
nvd@nist.gov:	CVE-2019-10991
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10991
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // VULHUB: VHN-142593 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075 // NVD: CVE-2019-10991

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-142593 // JVNDB: JVNDB-2019-005813 // NVD: CVE-2019-10991

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1075

TYPE

Buffer error

Trust: 0.8

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // CNNVD: CNNVD-201906-1075

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005813

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 4.9
title:	Advantech WebAccess	url:	https://www.advantech.co.jp/industrial-automation/webaccess	Trust: 0.8
title:	Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32472)	url:	https://www.cnvd.org.cn/patchInfo/show/181485	Trust: 0.6
title:	Advantech WebAccess/SCADA Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94178	Trust: 0.6

sources: ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10991	Trust: 8.5
db:	ICS CERT	id:	ICSA-19-178-05	Trust: 2.8
db:	ZDI	id:	ZDI-19-620	Trust: 2.4
db:	ZDI	id:	ZDI-19-586	Trust: 2.4
db:	ZDI	id:	ZDI-19-588	Trust: 2.4
db:	ZDI	id:	ZDI-19-589	Trust: 2.4
db:	ZDI	id:	ZDI-19-592	Trust: 2.4
db:	ZDI	id:	ZDI-19-594	Trust: 2.4
db:	ZDI	id:	ZDI-19-619	Trust: 2.4
db:	CNNVD	id:	CNNVD-201906-1075	Trust: 0.9
db:	BID	id:	108923	Trust: 0.9
db:	CNVD	id:	CNVD-2019-32472	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005813	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8191	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7951	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8063	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8064	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7906	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8117	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8189	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2350	Trust: 0.6
db:	IVD	id:	917426FF-7065-403B-BD4D-431E7D3751D4	Trust: 0.2
db:	VULHUB	id:	VHN-142593	Trust: 0.1

sources: IVD: 917426ff-7065-403b-bd4d-431e7d3751d4 // ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // VULHUB: VHN-142593 // BID: 108923 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075 // NVD: CVE-2019-10991

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 7.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-620/	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10991	Trust: 2.0
url:	https://www.zerodayinitiative.com/advisories/zdi-19-586/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-588/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-589/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-592/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-594/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-619/	Trust: 1.7
url:	http://webaccess.advantech.com	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10991	Trust: 0.8
url:	https://www.securityfocus.com/bid/108923	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2350/	Trust: 0.6

sources: ZDI: ZDI-19-620 // ZDI: ZDI-19-586 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-594 // ZDI: ZDI-19-619 // CNVD: CNVD-2019-32472 // VULHUB: VHN-142593 // BID: 108923 // JVNDB: JVNDB-2019-005813 // CNNVD: CNNVD-201906-1075 // NVD: CVE-2019-10991

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 3.5

sources: ZDI: ZDI-19-620 // ZDI: ZDI-19-588 // ZDI: ZDI-19-589 // ZDI: ZDI-19-592 // ZDI: ZDI-19-619

SOURCES

db:	IVD	id:	917426ff-7065-403b-bd4d-431e7d3751d4
db:	ZDI	id:	ZDI-19-620
db:	ZDI	id:	ZDI-19-586
db:	ZDI	id:	ZDI-19-588
db:	ZDI	id:	ZDI-19-589
db:	ZDI	id:	ZDI-19-592
db:	ZDI	id:	ZDI-19-594
db:	ZDI	id:	ZDI-19-619
db:	CNVD	id:	CNVD-2019-32472
db:	VULHUB	id:	VHN-142593
db:	BID	id:	108923
db:	JVNDB	id:	JVNDB-2019-005813
db:	CNNVD	id:	CNNVD-201906-1075
db:	NVD	id:	CVE-2019-10991

LAST UPDATE DATE

2024-08-14T14:12:21.092000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-620	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-586	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-588	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-589	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-592	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-594	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-619	date:	2019-07-02T00:00:00
db:	CNVD	id:	CNVD-2019-32472	date:	2019-09-21T00:00:00
db:	VULHUB	id:	VHN-142593	date:	2023-03-02T00:00:00
db:	BID	id:	108923	date:	2019-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-005813	date:	2019-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201906-1075	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-10991	date:	2023-03-02T15:58:31.983

SOURCES RELEASE DATE

db:	IVD	id:	917426ff-7065-403b-bd4d-431e7d3751d4	date:	2019-09-21T00:00:00
db:	ZDI	id:	ZDI-19-620	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-586	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-588	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-589	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-592	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-594	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-619	date:	2019-07-02T00:00:00
db:	CNVD	id:	CNVD-2019-32472	date:	2019-09-21T00:00:00
db:	VULHUB	id:	VHN-142593	date:	2019-06-28T00:00:00
db:	BID	id:	108923	date:	2019-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-005813	date:	2019-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201906-1075	date:	2019-06-27T00:00:00
db:	NVD	id:	CVE-2019-10991	date:	2019-06-28T21:15:11.307