Details of VAR-202005-0008

ID

VAR-202005-0008

CVE

CVE-2020-10638

TITLE

Advantech WebAccess/SCADA BwTCPIP Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-620 // ZDI: ZDI-20-621

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791e in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user

Trust: 10.08

sources: NVD: CVE-2020-10638 // ZDI: ZDI-20-604 // ZDI: ZDI-20-623 // ZDI: ZDI-20-618 // ZDI: ZDI-20-621 // ZDI: ZDI-20-594 // ZDI: ZDI-20-600 // ZDI: ZDI-20-601 // ZDI: ZDI-20-620 // ZDI: ZDI-20-603 // ZDI: ZDI-20-631 // ZDI: ZDI-20-599 // ZDI: ZDI-20-597 // ZDI: ZDI-20-593 // CNVD: CNVD-2020-29739 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // VULHUB: VHN-163136

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // CNVD: CNVD-2020-29739

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess/scada	scope:	-	version:	-	Trust: 9.1
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.4.4	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	advantech	model:	webaccess node	scope:	gte	version:	8.4.4	Trust: 0.6
vendor:	advantech	model:	webaccess node	scope:	eq	version:	9.0.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	webaccess	model:	-	scope:	eq	version:	9.0.0	Trust: 0.4

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623 // CNVD: CNVD-2020-29739 // NVD: CVE-2020-10638

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-10638
value:	CRITICAL
Trust: 8.4
nvd@nist.gov:	CVE-2020-10638
value:	CRITICAL
Trust: 1.0
ZDI:	CVE-2020-10638
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-29739
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202005-295
value:	CRITICAL
Trust: 0.6
IVD:	95f15ed9-abd1-4fa7-b3b8-cce038c93754
value:	HIGH
Trust: 0.2
IVD:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec
value:	HIGH
Trust: 0.2
VULHUB:	VHN-163136
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-10638
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-29739
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	95f15ed9-abd1-4fa7-b3b8-cce038c93754
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-163136
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-10638
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 8.4
nvd@nist.gov:	CVE-2020-10638
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2020-10638
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 0.7

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-122	Trust: 1.0

sources: VULHUB: VHN-163136 // NVD: CVE-2020-10638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-295

TYPE

Buffer error

Trust: 1.0

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // CNNVD: CNNVD-202005-295

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 9.1
title:	Patch for Advantech WebAccess Node buffer overflow vulnerability (CNVD-2020-29739)	url:	https://www.cnvd.org.cn/patchInfo/show/218845	Trust: 0.6
title:	Advantech WebAccess Node Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118647	Trust: 0.6

sources: ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623 // CNVD: CNVD-2020-29739 // CNNVD: CNNVD-202005-295

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10638	Trust: 11.8
db:	ZDI	id:	ZDI-20-593	Trust: 2.4
db:	ZDI	id:	ZDI-20-599	Trust: 2.4
db:	ZDI	id:	ZDI-20-603	Trust: 2.4
db:	ZDI	id:	ZDI-20-600	Trust: 2.4
db:	ZDI	id:	ZDI-20-621	Trust: 2.4
db:	ICS CERT	id:	ICSA-20-128-01	Trust: 2.3
db:	ZDI	id:	ZDI-20-616	Trust: 1.7
db:	CNVD	id:	CNVD-2020-29739	Trust: 1.1
db:	CNNVD	id:	CNNVD-202005-295	Trust: 1.1
db:	ZDI	id:	ZDI-20-597	Trust: 0.8
db:	ZDI	id:	ZDI-20-631	Trust: 0.8
db:	ZDI	id:	ZDI-20-620	Trust: 0.8
db:	ZDI	id:	ZDI-20-604	Trust: 0.8
db:	ZDI	id:	ZDI-20-601	Trust: 0.8
db:	ZDI	id:	ZDI-20-594	Trust: 0.8
db:	ZDI	id:	ZDI-20-618	Trust: 0.8
db:	ZDI	id:	ZDI-20-623	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9902	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9985	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9994	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9892	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9897	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10081	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9898	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9998	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9997	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9904	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10085	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9891	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10337	Trust: 0.7
db:	ZDI	id:	ZDI-20-635	Trust: 0.7
db:	NSFOCUS	id:	47382	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1646	Trust: 0.6
db:	IVD	id:	95F15ED9-ABD1-4FA7-B3B8-CCE038C93754	Trust: 0.2
db:	IVD	id:	619B16C7-A995-4CDF-B7BE-D91E2BDC75EC	Trust: 0.2
db:	ZDI	id:	ZDI-20-596	Trust: 0.1
db:	ZDI	id:	ZDI-20-602	Trust: 0.1
db:	ZDI	id:	ZDI-20-617	Trust: 0.1
db:	VULHUB	id:	VHN-163136	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 9.1
url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-01	Trust: 2.9
url:	https://www.zerodayinitiative.com/advisories/zdi-20-593/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-599/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-600/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-603/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-616/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-621/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-635/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10638	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47382	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1646/	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-594/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-596/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-597/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-601/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-602/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-604/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-617/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-618/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-620/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-623/	Trust: 0.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-631/	Trust: 0.1

CREDITS

Z0mb1E

Trust: 9.1

SOURCES

db:	IVD	id:	95f15ed9-abd1-4fa7-b3b8-cce038c93754
db:	IVD	id:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec
db:	ZDI	id:	ZDI-20-593
db:	ZDI	id:	ZDI-20-597
db:	ZDI	id:	ZDI-20-599
db:	ZDI	id:	ZDI-20-631
db:	ZDI	id:	ZDI-20-603
db:	ZDI	id:	ZDI-20-620
db:	ZDI	id:	ZDI-20-604
db:	ZDI	id:	ZDI-20-601
db:	ZDI	id:	ZDI-20-600
db:	ZDI	id:	ZDI-20-594
db:	ZDI	id:	ZDI-20-621
db:	ZDI	id:	ZDI-20-618
db:	ZDI	id:	ZDI-20-623
db:	CNVD	id:	CNVD-2020-29739
db:	VULHUB	id:	VHN-163136
db:	CNNVD	id:	CNNVD-202005-295
db:	NVD	id:	CVE-2020-10638

LAST UPDATE DATE

2025-03-31T18:04:20.433000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-593	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-597	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-599	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-631	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-603	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-620	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-604	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-601	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-600	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-594	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-621	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-618	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-623	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29739	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-163136	date:	2021-12-17T00:00:00
db:	CNNVD	id:	CNNVD-202005-295	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-10638	date:	2024-11-21T04:55:45.027

SOURCES RELEASE DATE

db:	IVD	id:	95f15ed9-abd1-4fa7-b3b8-cce038c93754	date:	2020-05-07T00:00:00
db:	IVD	id:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec	date:	2020-05-07T00:00:00
db:	ZDI	id:	ZDI-20-593	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-597	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-599	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-631	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-603	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-620	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-604	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-601	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-600	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-594	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-621	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-618	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-623	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29739	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-163136	date:	2020-05-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-295	date:	2020-05-07T00:00:00
db:	NVD	id:	CVE-2020-10638	date:	2020-05-08T12:15:11.067