Details of VAR-201906-1029

ID

VAR-201906-1029

CVE

CVE-2019-10993

TITLE

Advantech WebAccess/SCADA Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // CNVD: CNVD-2019-32473

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. WebAccess/SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 10.62

sources: NVD: CVE-2019-10993 // JVNDB: JVNDB-2019-005812 // ZDI: ZDI-19-614 // ZDI: ZDI-19-618 // ZDI: ZDI-19-608 // ZDI: ZDI-19-604 // ZDI: ZDI-19-593 // ZDI: ZDI-19-599 // ZDI: ZDI-19-600 // ZDI: ZDI-19-603 // ZDI: ZDI-19-598 // ZDI: ZDI-19-606 // ZDI: ZDI-19-616 // ZDI: ZDI-19-610 // ZDI: ZDI-19-613 // CNVD: CNVD-2019-32473 // IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // VULHUB: VHN-142595

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // CNVD: CNVD-2019-32473

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 9.1
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.5	Trust: 1.8
vendor:	advantech	model:	webaccess/scada	scope:	lte	version:	<=8.3.5	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // ZDI: ZDI-19-599 // ZDI: ZDI-19-613 // ZDI: ZDI-19-610 // ZDI: ZDI-19-616 // ZDI: ZDI-19-606 // ZDI: ZDI-19-598 // ZDI: ZDI-19-603 // ZDI: ZDI-19-614 // ZDI: ZDI-19-600 // ZDI: ZDI-19-593 // ZDI: ZDI-19-604 // ZDI: ZDI-19-608 // ZDI: ZDI-19-618 // CNVD: CNVD-2019-32473 // JVNDB: JVNDB-2019-005812 // NVD: CVE-2019-10993

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-10993
value:	CRITICAL
Trust: 9.1
nvd@nist.gov:	CVE-2019-10993
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-10993
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-32473
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201906-1077
value:	CRITICAL
Trust: 0.6
IVD:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-142595
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-10993
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-32473
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-142595
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2019-10993
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 9.1
nvd@nist.gov:	CVE-2019-10993
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10993
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // ZDI: ZDI-19-599 // ZDI: ZDI-19-613 // ZDI: ZDI-19-610 // ZDI: ZDI-19-616 // ZDI: ZDI-19-606 // ZDI: ZDI-19-598 // ZDI: ZDI-19-603 // ZDI: ZDI-19-614 // ZDI: ZDI-19-600 // ZDI: ZDI-19-593 // ZDI: ZDI-19-604 // ZDI: ZDI-19-608 // ZDI: ZDI-19-618 // CNVD: CNVD-2019-32473 // VULHUB: VHN-142595 // JVNDB: JVNDB-2019-005812 // CNNVD: CNNVD-201906-1077 // NVD: CVE-2019-10993

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-476	Trust: 0.9

sources: VULHUB: VHN-142595 // JVNDB: JVNDB-2019-005812 // NVD: CVE-2019-10993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1077

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-1077

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005812

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 9.1
title:	Advantech WebAccess	url:	https://www.advantech.co.jp/industrial-automation/webaccess	Trust: 0.8
title:	Patch for Advantech WebAccess/SCADA arbitrary code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/181487	Trust: 0.6
title:	Advantech WebAccess/SCADA Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94180	Trust: 0.6

sources: ZDI: ZDI-19-599 // ZDI: ZDI-19-613 // ZDI: ZDI-19-610 // ZDI: ZDI-19-616 // ZDI: ZDI-19-606 // ZDI: ZDI-19-598 // ZDI: ZDI-19-603 // ZDI: ZDI-19-614 // ZDI: ZDI-19-600 // ZDI: ZDI-19-593 // ZDI: ZDI-19-604 // ZDI: ZDI-19-608 // ZDI: ZDI-19-618 // CNVD: CNVD-2019-32473 // JVNDB: JVNDB-2019-005812 // CNNVD: CNNVD-201906-1077

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10993	Trust: 12.4
db:	ICS CERT	id:	ICSA-19-178-05	Trust: 2.5
db:	ZDI	id:	ZDI-19-613	Trust: 2.4
db:	ZDI	id:	ZDI-19-616	Trust: 2.4
db:	ZDI	id:	ZDI-19-606	Trust: 2.4
db:	ZDI	id:	ZDI-19-598	Trust: 2.4
db:	ZDI	id:	ZDI-19-603	Trust: 2.4
db:	ZDI	id:	ZDI-19-614	Trust: 2.4
db:	ZDI	id:	ZDI-19-618	Trust: 2.4
db:	ZDI	id:	ZDI-19-605	Trust: 1.7
db:	ZDI	id:	ZDI-19-612	Trust: 1.7
db:	ZDI	id:	ZDI-19-611	Trust: 1.7
db:	ZDI	id:	ZDI-19-615	Trust: 1.7
db:	ZDI	id:	ZDI-19-602	Trust: 1.7
db:	ZDI	id:	ZDI-19-607	Trust: 1.7
db:	ZDI	id:	ZDI-19-597	Trust: 1.7
db:	ZDI	id:	ZDI-19-617	Trust: 1.7
db:	ZDI	id:	ZDI-19-601	Trust: 1.7
db:	ZDI	id:	ZDI-19-623	Trust: 1.7
db:	CNNVD	id:	CNNVD-201906-1077	Trust: 0.9
db:	CNVD	id:	CNVD-2019-32473	Trust: 0.8
db:	ZDI	id:	ZDI-19-599	Trust: 0.8
db:	ZDI	id:	ZDI-19-610	Trust: 0.8
db:	ZDI	id:	ZDI-19-600	Trust: 0.8
db:	ZDI	id:	ZDI-19-593	Trust: 0.8
db:	ZDI	id:	ZDI-19-604	Trust: 0.8
db:	ZDI	id:	ZDI-19-608	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005812	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8129	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8146	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8143	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8150	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8139	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8128	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8136	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8147	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8130	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8116	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8137	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8141	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8152	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2350	Trust: 0.6
db:	BID	id:	108923	Trust: 0.6
db:	IVD	id:	D5DCD84F-1ACA-4DC3-AC16-D5C7C3DD4D07	Trust: 0.2
db:	ZDI	id:	ZDI-19-595	Trust: 0.1
db:	ZDI	id:	ZDI-19-596	Trust: 0.1
db:	ZDI	id:	ZDI-19-609	Trust: 0.1
db:	VULHUB	id:	VHN-142595	Trust: 0.1

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // ZDI: ZDI-19-599 // ZDI: ZDI-19-613 // ZDI: ZDI-19-610 // ZDI: ZDI-19-616 // ZDI: ZDI-19-606 // ZDI: ZDI-19-598 // ZDI: ZDI-19-603 // ZDI: ZDI-19-614 // ZDI: ZDI-19-600 // ZDI: ZDI-19-593 // ZDI: ZDI-19-604 // ZDI: ZDI-19-608 // ZDI: ZDI-19-618 // CNVD: CNVD-2019-32473 // VULHUB: VHN-142595 // JVNDB: JVNDB-2019-005812 // CNNVD: CNNVD-201906-1077 // NVD: CVE-2019-10993

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 11.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-623/	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10993	Trust: 2.0
url:	https://www.zerodayinitiative.com/advisories/zdi-19-597/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-598/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-601/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-602/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-603/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-605/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-606/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-607/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-611/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-612/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-613/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-614/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-615/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-616/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-617/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-618/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10993	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.6
url:	https://www.securityfocus.com/bid/108923	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2350/	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-593/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-595/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-596/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-599/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-600/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-604/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-608/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-609/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-610/	Trust: 0.1

sources: ZDI: ZDI-19-599 // ZDI: ZDI-19-613 // ZDI: ZDI-19-610 // ZDI: ZDI-19-616 // ZDI: ZDI-19-606 // ZDI: ZDI-19-598 // ZDI: ZDI-19-603 // ZDI: ZDI-19-614 // ZDI: ZDI-19-600 // ZDI: ZDI-19-593 // ZDI: ZDI-19-604 // ZDI: ZDI-19-608 // ZDI: ZDI-19-618 // CNVD: CNVD-2019-32473 // VULHUB: VHN-142595 // JVNDB: JVNDB-2019-005812 // CNNVD: CNNVD-201906-1077 // NVD: CVE-2019-10993

CREDITS

Natnael Samson (@NattiSamson)

Trust: 9.1

SOURCES

db:	IVD	id:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07
db:	ZDI	id:	ZDI-19-599
db:	ZDI	id:	ZDI-19-613
db:	ZDI	id:	ZDI-19-610
db:	ZDI	id:	ZDI-19-616
db:	ZDI	id:	ZDI-19-606
db:	ZDI	id:	ZDI-19-598
db:	ZDI	id:	ZDI-19-603
db:	ZDI	id:	ZDI-19-614
db:	ZDI	id:	ZDI-19-600
db:	ZDI	id:	ZDI-19-593
db:	ZDI	id:	ZDI-19-604
db:	ZDI	id:	ZDI-19-608
db:	ZDI	id:	ZDI-19-618
db:	CNVD	id:	CNVD-2019-32473
db:	VULHUB	id:	VHN-142595
db:	JVNDB	id:	JVNDB-2019-005812
db:	CNNVD	id:	CNNVD-201906-1077
db:	NVD	id:	CVE-2019-10993

LAST UPDATE DATE

2024-09-15T22:52:01.122000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-599	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-613	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-610	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-616	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-606	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-598	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-603	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-614	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-600	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-593	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-604	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-608	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-618	date:	2019-07-02T00:00:00
db:	CNVD	id:	CNVD-2019-32473	date:	2019-09-21T00:00:00
db:	VULHUB	id:	VHN-142595	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-005812	date:	2019-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201906-1077	date:	2022-04-19T00:00:00
db:	NVD	id:	CVE-2019-10993	date:	2022-04-18T17:17:47.753

SOURCES RELEASE DATE

db:	IVD	id:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07	date:	2019-09-21T00:00:00
db:	ZDI	id:	ZDI-19-599	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-613	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-610	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-616	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-606	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-598	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-603	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-614	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-600	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-593	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-604	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-608	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-618	date:	2019-07-02T00:00:00
db:	CNVD	id:	CNVD-2019-32473	date:	2019-09-21T00:00:00
db:	VULHUB	id:	VHN-142595	date:	2019-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-005812	date:	2019-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201906-1077	date:	2019-06-27T00:00:00
db:	NVD	id:	CVE-2019-10993	date:	2019-06-28T21:15:11.353