Details of VAR-201906-1029

ID

VAR-201906-1029

CVE

CVE-2019-10993

TITLE

Advantech WebAccess/SCADA Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // CNVD: CNVD-2019-32473

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment

Trust: 11.07

sources: NVD: CVE-2019-10993 // ZDI: ZDI-19-599 // ZDI: ZDI-19-623 // ZDI: ZDI-19-607 // ZDI: ZDI-19-615 // ZDI: ZDI-19-604 // ZDI: ZDI-19-617 // ZDI: ZDI-19-614 // ZDI: ZDI-19-603 // ZDI: ZDI-19-602 // ZDI: ZDI-19-612 // ZDI: ZDI-19-611 // ZDI: ZDI-19-606 // ZDI: ZDI-19-616 // ZDI: ZDI-19-610 // ZDI: ZDI-19-613 // CNVD: CNVD-2019-32473 // IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // CNVD: CNVD-2019-32473

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 10.5
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.5	Trust: 1.0
vendor:	advantech	model:	webaccess/scada	scope:	lte	version:	<=8.3.5	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07 // ZDI: ZDI-19-599 // ZDI: ZDI-19-613 // ZDI: ZDI-19-610 // ZDI: ZDI-19-616 // ZDI: ZDI-19-606 // ZDI: ZDI-19-611 // ZDI: ZDI-19-612 // ZDI: ZDI-19-602 // ZDI: ZDI-19-603 // ZDI: ZDI-19-614 // ZDI: ZDI-19-617 // ZDI: ZDI-19-604 // ZDI: ZDI-19-615 // ZDI: ZDI-19-607 // ZDI: ZDI-19-623 // CNVD: CNVD-2019-32473 // NVD: CVE-2019-10993

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-10993
value:	CRITICAL
Trust: 10.5
nvd@nist.gov:	CVE-2019-10993
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2019-32473
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201906-1077
value:	CRITICAL
Trust: 0.6
IVD:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2019-10993
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2019-32473
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

ZDI:	CVE-2019-10993
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 10.5
nvd@nist.gov:	CVE-2019-10993
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2019-10993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1077

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-1077

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 10.5
title:	Patch for Advantech WebAccess/SCADA arbitrary code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/181487	Trust: 0.6
title:	Advantech WebAccess/SCADA Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94180	Trust: 0.6

sources: ZDI: ZDI-19-599 // ZDI: ZDI-19-613 // ZDI: ZDI-19-610 // ZDI: ZDI-19-616 // ZDI: ZDI-19-606 // ZDI: ZDI-19-611 // ZDI: ZDI-19-612 // ZDI: ZDI-19-602 // ZDI: ZDI-19-603 // ZDI: ZDI-19-614 // ZDI: ZDI-19-617 // ZDI: ZDI-19-604 // ZDI: ZDI-19-615 // ZDI: ZDI-19-607 // ZDI: ZDI-19-623 // CNVD: CNVD-2019-32473 // CNNVD: CNNVD-201906-1077

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10993	Trust: 12.9
db:	ZDI	id:	ZDI-19-613	Trust: 2.3
db:	ZDI	id:	ZDI-19-616	Trust: 2.3
db:	ZDI	id:	ZDI-19-606	Trust: 2.3
db:	ZDI	id:	ZDI-19-611	Trust: 2.3
db:	ZDI	id:	ZDI-19-612	Trust: 2.3
db:	ZDI	id:	ZDI-19-602	Trust: 2.3
db:	ZDI	id:	ZDI-19-603	Trust: 2.3
db:	ZDI	id:	ZDI-19-614	Trust: 2.3
db:	ZDI	id:	ZDI-19-617	Trust: 2.3
db:	ZDI	id:	ZDI-19-615	Trust: 2.3
db:	ZDI	id:	ZDI-19-607	Trust: 2.3
db:	ZDI	id:	ZDI-19-623	Trust: 2.3
db:	ZDI	id:	ZDI-19-618	Trust: 1.6
db:	ZDI	id:	ZDI-19-597	Trust: 1.6
db:	ZDI	id:	ZDI-19-605	Trust: 1.6
db:	ZDI	id:	ZDI-19-601	Trust: 1.6
db:	ZDI	id:	ZDI-19-598	Trust: 1.6
db:	ICS CERT	id:	ICSA-19-178-05	Trust: 1.6
db:	CNVD	id:	CNVD-2019-32473	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-1077	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8129	Trust: 0.7
db:	ZDI	id:	ZDI-19-599	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8146	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8143	Trust: 0.7
db:	ZDI	id:	ZDI-19-610	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8150	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8139	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8144	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8145	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8135	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8136	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8147	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8151	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8137	Trust: 0.7
db:	ZDI	id:	ZDI-19-604	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8148	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8140	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8119	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2350	Trust: 0.6
db:	BID	id:	108923	Trust: 0.6
db:	IVD	id:	D5DCD84F-1ACA-4DC3-AC16-D5C7C3DD4D07	Trust: 0.2

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-178-05	Trust: 12.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-623/	Trust: 2.2
url:	https://www.zerodayinitiative.com/advisories/zdi-19-597/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-611/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-601/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-612/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-598/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-615/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-605/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-616/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-602/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-613/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-603/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-614/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-606/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-617/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-607/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-618/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10993	Trust: 1.2
url:	http://webaccess.advantech.com	Trust: 0.6
url:	https://www.securityfocus.com/bid/108923	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2350/	Trust: 0.6

CREDITS

Natnael Samson (@NattiSamson)

Trust: 9.8

SOURCES

db:	IVD	id:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07
db:	ZDI	id:	ZDI-19-599
db:	ZDI	id:	ZDI-19-613
db:	ZDI	id:	ZDI-19-610
db:	ZDI	id:	ZDI-19-616
db:	ZDI	id:	ZDI-19-606
db:	ZDI	id:	ZDI-19-611
db:	ZDI	id:	ZDI-19-612
db:	ZDI	id:	ZDI-19-602
db:	ZDI	id:	ZDI-19-603
db:	ZDI	id:	ZDI-19-614
db:	ZDI	id:	ZDI-19-617
db:	ZDI	id:	ZDI-19-604
db:	ZDI	id:	ZDI-19-615
db:	ZDI	id:	ZDI-19-607
db:	ZDI	id:	ZDI-19-623
db:	CNVD	id:	CNVD-2019-32473
db:	CNNVD	id:	CNNVD-201906-1077
db:	NVD	id:	CVE-2019-10993

LAST UPDATE DATE

2025-02-20T22:32:01.344000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-599	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-613	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-610	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-616	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-606	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-611	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-612	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-602	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-603	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-614	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-617	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-604	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-615	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-607	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-623	date:	2024-01-19T00:00:00
db:	CNVD	id:	CNVD-2019-32473	date:	2019-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201906-1077	date:	2022-04-19T00:00:00
db:	NVD	id:	CVE-2019-10993	date:	2024-11-21T04:20:18.740

SOURCES RELEASE DATE

db:	IVD	id:	d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07	date:	2019-09-21T00:00:00
db:	ZDI	id:	ZDI-19-599	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-613	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-610	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-616	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-606	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-611	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-612	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-602	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-603	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-614	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-617	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-604	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-615	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-607	date:	2019-07-02T00:00:00
db:	ZDI	id:	ZDI-19-623	date:	2019-07-02T00:00:00
db:	CNVD	id:	CNVD-2019-32473	date:	2019-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201906-1077	date:	2019-06-27T00:00:00
db:	NVD	id:	CVE-2019-10993	date:	2019-06-28T21:15:11.353