Sign-up

ID

VAR-201908-1828


CVE

CVE-2019-10961


TITLE

Advantech WebAccess HMI Designer Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-007454

DESCRIPTION

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. Advantech WebAccess HMI Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of MCR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Advantech WebAccess HMI Designer is a human machine interface (HMI) runtime development software. The product has functions such as data transmission, menu editing and text editing. There is a buffer error vulnerability in Advantech WebAccess HMI Designer 2.1.9.23 and earlier versions, the vulnerability is due to the fact that the program does not correctly verify the data submitted by the user

Trust: 3.06

sources: NVD: CVE-2019-10961 // JVNDB: JVNDB-2019-007454 // ZDI: ZDI-19-691 // CNVD: CNVD-2019-32465 // IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809 // VULHUB: VHN-142560

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809 // CNVD: CNVD-2019-32465

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess hmi designerscope:lteversion:2.1.7.32

Trust: 1.0

vendor:advantechmodel:webaccess/hmiscope:ltversion:2.1.9.23

Trust: 0.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccess hmi designerscope:lteversion:<=2.1.9.23

Trust: 0.6

vendor:webaccess hmi designermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809 // ZDI: ZDI-19-691 // CNVD: CNVD-2019-32465 // JVNDB: JVNDB-2019-007454 // NVD: CVE-2019-10961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10961
value: HIGH

Trust: 1.0

NVD: CVE-2019-10961
value: HIGH

Trust: 0.8

ZDI: CVE-2019-10961
value: HIGH

Trust: 0.7

CNVD: CNVD-2019-32465
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-167
value: HIGH

Trust: 0.6

IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809
value: HIGH

Trust: 0.2

VULHUB: VHN-142560
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10961
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32465
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142560
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10961
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10961
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-10961
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809 // ZDI: ZDI-19-691 // CNVD: CNVD-2019-32465 // VULHUB: VHN-142560 // JVNDB: JVNDB-2019-007454 // CNNVD: CNNVD-201908-167 // NVD: CVE-2019-10961

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-142560 // JVNDB: JVNDB-2019-007454 // NVD: CVE-2019-10961

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-167

TYPE

Buffer error

Trust: 0.8

sources: IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809 // CNNVD: CNNVD-201908-167

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007454

PATCH
title:Advantech WebAccess/HMIurl:https://www.advantech.com/industrial-automation/webaccess/webaccesshmi
Trust: 0.8
title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-213-01
Trust: 0.7
title:Advantech WebAccess HMI Designer out of boundary write vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/181495
Trust: 0.6
title:Advantech WebAccess HMI Designer Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95926
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-691 // 
            
            
            
            CNVD: CNVD-2019-32465 // 
            
            
            
            JVNDB: JVNDB-2019-007454 // 
            
            
            
            CNNVD: CNNVD-201908-167

EXTERNAL IDS
db:NVDid:CVE-2019-10961
Trust: 4.0
db:ICS CERTid:ICSA-19-213-01
Trust: 3.1
db:ZDIid:ZDI-19-691
Trust: 2.4
db:CNNVDid:CNNVD-201908-167
Trust: 0.9
db:CNVDid:CNVD-2019-32465
Trust: 0.8
db:JVNDBid:JVNDB-2019-007454
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-7805
Trust: 0.7
db:AUSCERTid:ESB-2019.2903
Trust: 0.6
db:IVDid:BB9F1DEB-4880-41E7-BC75-E3D5E343B809
Trust: 0.2
db:VULHUBid:VHN-142560
Trust: 0.1
sources:
            
            
            IVD: bb9f1deb-4880-41e7-bc75-e3d5e343b809 // 
            
            
            
            ZDI: ZDI-19-691 // 
            
            
            
            CNVD: CNVD-2019-32465 // 
            
            
            
            VULHUB: VHN-142560 // 
            
            
            
            JVNDB: JVNDB-2019-007454 // 
            
            
            
            CNNVD: CNNVD-201908-167 // 
            
            
            
            NVD: CVE-2019-10961

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-213-01
Trust: 3.8
url:https://www.zerodayinitiative.com/advisories/zdi-19-691/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10961
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10961
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2903/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-691 // 
            
            
            
            CNVD: CNVD-2019-32465 // 
            
            
            
            VULHUB: VHN-142560 // 
            
            
            
            JVNDB: JVNDB-2019-007454 // 
            
            
            
            CNNVD: CNNVD-201908-167 // 
            
            
            
            NVD: CVE-2019-10961

CREDITS
Mat Powell of Trend Micro Zero Day Initiative
Trust: 1.3
sources:
            
            
            ZDI: ZDI-19-691 // 
            
            
            
            CNNVD: CNNVD-201908-167

SOURCES
db:IVDid:bb9f1deb-4880-41e7-bc75-e3d5e343b809
db:ZDIid:ZDI-19-691
db:CNVDid:CNVD-2019-32465
db:VULHUBid:VHN-142560
db:JVNDBid:JVNDB-2019-007454
db:CNNVDid:CNNVD-201908-167
db:NVDid:CVE-2019-10961

LAST UPDATE DATE
2024-08-14T14:32:33.849000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-691date:2019-08-05T00:00:00
db:CNVDid:CNVD-2019-32465date:2019-09-21T00:00:00
db:VULHUBid:VHN-142560date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2019-007454date:2019-08-13T00:00:00
db:CNNVDid:CNNVD-201908-167date:2019-08-14T00:00:00
db:NVDid:CVE-2019-10961date:2023-03-03T15:51:17.100

SOURCES RELEASE DATE
db:IVDid:bb9f1deb-4880-41e7-bc75-e3d5e343b809date:2019-09-21T00:00:00
db:ZDIid:ZDI-19-691date:2019-08-05T00:00:00
db:CNVDid:CNVD-2019-32465date:2019-09-21T00:00:00
db:VULHUBid:VHN-142560date:2019-08-02T00:00:00
db:JVNDBid:JVNDB-2019-007454date:2019-08-13T00:00:00
db:CNNVDid:CNNVD-201908-167date:2019-08-01T00:00:00
db:NVDid:CVE-2019-10961date:2019-08-02T17:15:14.327