Details of VAR-202005-0008

ID

VAR-202005-0008

CVE

CVE-2020-10638

TITLE

Advantech WebAccess Node Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005160

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791c in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required

Trust: 10.17

sources: NVD: CVE-2020-10638 // JVNDB: JVNDB-2020-005160 // ZDI: ZDI-20-635 // ZDI: ZDI-20-596 // ZDI: ZDI-20-616 // ZDI: ZDI-20-618 // ZDI: ZDI-20-621 // ZDI: ZDI-20-617 // ZDI: ZDI-20-601 // ZDI: ZDI-20-603 // ZDI: ZDI-20-631 // ZDI: ZDI-20-599 // ZDI: ZDI-20-597 // ZDI: ZDI-20-593 // CNVD: CNVD-2020-29739 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // VULMON: CVE-2020-10638

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // CNVD: CNVD-2020-29739

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess/scada	scope:	-	version:	-	Trust: 8.4
vendor:	advantech	model:	webaccess	scope:	eq	version:	9.0.0	Trust: 1.8
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.4.4	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.4.4	Trust: 0.8
vendor:	advantech	model:	webaccess node	scope:	gte	version:	8.4.4	Trust: 0.6
vendor:	advantech	model:	webaccess node	scope:	eq	version:	9.0.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	webaccess	model:	-	scope:	eq	version:	9.0.0	Trust: 0.4

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-601 // ZDI: ZDI-20-635 // ZDI: ZDI-20-617 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-616 // ZDI: ZDI-20-596 // CNVD: CNVD-2020-29739 // JVNDB: JVNDB-2020-005160 // NVD: CVE-2020-10638

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-10638
value:	CRITICAL
Trust: 7.7
nvd@nist.gov:	CVE-2020-10638
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-005160
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2020-10638
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-29739
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202005-295
value:	CRITICAL
Trust: 0.6
IVD:	95f15ed9-abd1-4fa7-b3b8-cce038c93754
value:	HIGH
Trust: 0.2
IVD:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec
value:	HIGH
Trust: 0.2
VULMON:	CVE-2020-10638
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-10638
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005160
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-29739
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	95f15ed9-abd1-4fa7-b3b8-cce038c93754
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

ZDI:	CVE-2020-10638
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 7.7
nvd@nist.gov:	CVE-2020-10638
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005160
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-10638
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-601 // ZDI: ZDI-20-635 // ZDI: ZDI-20-617 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-616 // ZDI: ZDI-20-596 // CNVD: CNVD-2020-29739 // VULMON: CVE-2020-10638 // JVNDB: JVNDB-2020-005160 // CNNVD: CNNVD-202005-295 // NVD: CVE-2020-10638

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.8
problemtype:	CWE-122	Trust: 1.0

sources: JVNDB: JVNDB-2020-005160 // NVD: CVE-2020-10638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-295

TYPE

Buffer error

Trust: 1.0

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // CNNVD: CNNVD-202005-295

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005160

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 8.4
title:	Top Page	url:	https://www.advantech.com/	Trust: 0.8
title:	Patch for Advantech WebAccess Node buffer overflow vulnerability (CNVD-2020-29739)	url:	https://www.cnvd.org.cn/patchInfo/show/218845	Trust: 0.6
title:	Advantech WebAccess Node Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118647	Trust: 0.6

sources: ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-601 // ZDI: ZDI-20-635 // ZDI: ZDI-20-617 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-616 // ZDI: ZDI-20-596 // CNVD: CNVD-2020-29739 // JVNDB: JVNDB-2020-005160 // CNNVD: CNNVD-202005-295

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10638	Trust: 11.9
db:	ICS CERT	id:	ICSA-20-128-01	Trust: 3.1
db:	ZDI	id:	ZDI-20-593	Trust: 2.4
db:	ZDI	id:	ZDI-20-599	Trust: 2.4
db:	ZDI	id:	ZDI-20-603	Trust: 2.4
db:	ZDI	id:	ZDI-20-621	Trust: 2.4
db:	ZDI	id:	ZDI-20-616	Trust: 2.4
db:	ZDI	id:	ZDI-20-600	Trust: 1.7
db:	ZDI	id:	ZDI-20-635	Trust: 1.3
db:	CNVD	id:	CNVD-2020-29739	Trust: 1.0
db:	CNNVD	id:	CNNVD-202005-295	Trust: 1.0
db:	JVN	id:	JVNVU93292753	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005160	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9902	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9985	Trust: 0.7
db:	ZDI	id:	ZDI-20-597	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9994	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9892	Trust: 0.7
db:	ZDI	id:	ZDI-20-631	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9897	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9998	Trust: 0.7
db:	ZDI	id:	ZDI-20-601	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10026	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9890	Trust: 0.7
db:	ZDI	id:	ZDI-20-617	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10085	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9891	Trust: 0.7
db:	ZDI	id:	ZDI-20-618	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9889	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9908	Trust: 0.7
db:	ZDI	id:	ZDI-20-596	Trust: 0.7
db:	NSFOCUS	id:	47382	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1646	Trust: 0.6
db:	IVD	id:	95F15ED9-ABD1-4FA7-B3B8-CCE038C93754	Trust: 0.2
db:	IVD	id:	619B16C7-A995-4CDF-B7BE-D91E2BDC75EC	Trust: 0.2
db:	VULMON	id:	CVE-2020-10638	Trust: 0.1

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-601 // ZDI: ZDI-20-635 // ZDI: ZDI-20-617 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-616 // ZDI: ZDI-20-596 // CNVD: CNVD-2020-29739 // VULMON: CVE-2020-10638 // JVNDB: JVNDB-2020-005160 // CNNVD: CNNVD-202005-295 // NVD: CVE-2020-10638

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 8.4
url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-01	Trust: 3.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-593/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-599/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-600/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-603/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-616/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-621/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10638	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10638	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93292753/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-635/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47382	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1646/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/181596	Trust: 0.1

sources: ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-601 // ZDI: ZDI-20-635 // ZDI: ZDI-20-617 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-616 // ZDI: ZDI-20-596 // CNVD: CNVD-2020-29739 // VULMON: CVE-2020-10638 // JVNDB: JVNDB-2020-005160 // CNNVD: CNNVD-202005-295 // NVD: CVE-2020-10638

CREDITS

Z0mb1E

Trust: 8.4

SOURCES

db:	IVD	id:	95f15ed9-abd1-4fa7-b3b8-cce038c93754
db:	IVD	id:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec
db:	ZDI	id:	ZDI-20-593
db:	ZDI	id:	ZDI-20-597
db:	ZDI	id:	ZDI-20-599
db:	ZDI	id:	ZDI-20-631
db:	ZDI	id:	ZDI-20-603
db:	ZDI	id:	ZDI-20-601
db:	ZDI	id:	ZDI-20-635
db:	ZDI	id:	ZDI-20-617
db:	ZDI	id:	ZDI-20-621
db:	ZDI	id:	ZDI-20-618
db:	ZDI	id:	ZDI-20-616
db:	ZDI	id:	ZDI-20-596
db:	CNVD	id:	CNVD-2020-29739
db:	VULMON	id:	CVE-2020-10638
db:	JVNDB	id:	JVNDB-2020-005160
db:	CNNVD	id:	CNNVD-202005-295
db:	NVD	id:	CVE-2020-10638

LAST UPDATE DATE

2024-11-20T22:41:00.153000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-593	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-597	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-599	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-631	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-603	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-601	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-635	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-617	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-621	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-618	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-616	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-596	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29739	date:	2020-05-25T00:00:00
db:	VULMON	id:	CVE-2020-10638	date:	2020-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-005160	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-295	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-10638	date:	2021-12-17T16:57:07.227

SOURCES RELEASE DATE

db:	IVD	id:	95f15ed9-abd1-4fa7-b3b8-cce038c93754	date:	2020-05-07T00:00:00
db:	IVD	id:	619b16c7-a995-4cdf-b7be-d91e2bdc75ec	date:	2020-05-07T00:00:00
db:	ZDI	id:	ZDI-20-593	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-597	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-599	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-631	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-603	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-601	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-635	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-617	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-621	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-618	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-616	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-596	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29739	date:	2020-05-25T00:00:00
db:	VULMON	id:	CVE-2020-10638	date:	2020-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-005160	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-295	date:	2020-05-07T00:00:00
db:	NVD	id:	CVE-2020-10638	date:	2020-05-08T12:15:11.067