ID

VAR-202005-0008


CVE

CVE-2020-10638


TITLE

Advantech WebAccess/SCADA BwTCPIP Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-620 // ZDI: ZDI-20-621

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000791e in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user.

Trust: 10.08

sources: NVD: CVE-2020-10638 // ZDI: ZDI-20-604 // ZDI: ZDI-20-623 // ZDI: ZDI-20-618 // ZDI: ZDI-20-621 // ZDI: ZDI-20-594 // ZDI: ZDI-20-600 // ZDI: ZDI-20-601 // ZDI: ZDI-20-620 // ZDI: ZDI-20-603 // ZDI: ZDI-20-631 // ZDI: ZDI-20-599 // ZDI: ZDI-20-597 // ZDI: ZDI-20-593 // CNVD: CNVD-2020-29739 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // VULHUB: VHN-163136

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // CNVD: CNVD-2020-29739

AFFECTED PRODUCTS

vendor: advantech, model: webaccess/scada, scope: -, version: -

Trust: 9.1

vendor: advantech, model: webaccess, scope: lte, version: 8.4.4

Trust: 1.0

vendor: advantech, model: webaccess, scope: eq, version: 9.0.0

Trust: 1.0

vendor: advantech, model: webaccess node, scope: gte, version: 8.4.4

Trust: 0.6

vendor: advantech, model: webaccess node, scope: eq, version: 9.0.0

Trust: 0.6

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.4

vendor: webaccess, model: -, scope: eq, version: 9.0.0

Trust: 0.4

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623 // CNVD: CNVD-2020-29739 // NVD: CVE-2020-10638

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-10638
value: CRITICAL

Trust: 8.4

nvd@nist.gov: CVE-2020-10638
value: CRITICAL

Trust: 1.0

ZDI: CVE-2020-10638
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-29739
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202005-295
value: CRITICAL

Trust: 0.6

IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754
value: HIGH

Trust: 0.2

IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec
value: HIGH

Trust: 0.2

VULHUB: VHN-163136
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10638
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-29739
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-163136
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-10638
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 8.4

nvd@nist.gov: CVE-2020-10638
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2020-10638
baseSeverity: HIGH
baseScore: 8.1
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623 // CNVD: CNVD-2020-29739 // VULHUB: VHN-163136 // CNNVD: CNNVD-202005-295 // NVD: CVE-2020-10638

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-122

Trust: 1.0

sources: VULHUB: VHN-163136 // NVD: CVE-2020-10638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-295

TYPE

Buffer error

Trust: 1.0

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // CNNVD: CNNVD-202005-295

PATCH

title: Advantech has issued an update to correct this vulnerability.
url: https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 9.1

title: Patch for Advantech WebAccess Node buffer overflow vulnerability (CNVD-2020-29739)
url: https://www.cnvd.org.cn/patchInfo/show/218845

Trust: 0.6

title: Advantech WebAccess Node Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118647

Trust: 0.6

sources: ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623 // CNVD: CNVD-2020-29739 // CNNVD: CNNVD-202005-295

EXTERNAL IDS

db: NVD, id: CVE-2020-10638

Trust: 11.8

db: ZDI, id: ZDI-20-593

Trust: 2.4

db: ZDI, id: ZDI-20-599

Trust: 2.4

db: ZDI, id: ZDI-20-603

Trust: 2.4

db: ZDI, id: ZDI-20-600

Trust: 2.4

db: ZDI, id: ZDI-20-621

Trust: 2.4

db: ICS CERT, id: ICSA-20-128-01

Trust: 2.3

db: ZDI, id: ZDI-20-616

Trust: 1.7

db: CNVD, id: CNVD-2020-29739

Trust: 1.1

db: CNNVD, id: CNNVD-202005-295

Trust: 1.1

db: ZDI, id: ZDI-20-597

Trust: 0.8

db: ZDI, id: ZDI-20-631

Trust: 0.8

db: ZDI, id: ZDI-20-620

Trust: 0.8

db: ZDI, id: ZDI-20-604

Trust: 0.8

db: ZDI, id: ZDI-20-601

Trust: 0.8

db: ZDI, id: ZDI-20-594

Trust: 0.8

db: ZDI, id: ZDI-20-618

Trust: 0.8

db: ZDI, id: ZDI-20-623

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9902

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9985

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9994

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9892

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9897

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-10081

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9898

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9998

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9997

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9904

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-10085

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9891

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-10337

Trust: 0.7

db: ZDI, id: ZDI-20-635

Trust: 0.7

db: NSFOCUS, id: 47382

Trust: 0.6

db: AUSCERT, id: ESB-2020.1646

Trust: 0.6

db: IVD, id: 95F15ED9-ABD1-4FA7-B3B8-CCE038C93754

Trust: 0.2

db: IVD, id: 619B16C7-A995-4CDF-B7BE-D91E2BDC75EC

Trust: 0.2

db: ZDI, id: ZDI-20-596

Trust: 0.1

db: ZDI, id: ZDI-20-602

Trust: 0.1

db: ZDI, id: ZDI-20-617

Trust: 0.1

db: VULHUB, id: VHN-163136

Trust: 0.1

sources: IVD: 95f15ed9-abd1-4fa7-b3b8-cce038c93754 // IVD: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec // ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623 // CNVD: CNVD-2020-29739 // VULHUB: VHN-163136 // CNNVD: CNNVD-202005-295 // NVD: CVE-2020-10638

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 9.1

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-01

Trust: 2.9

url:https://www.zerodayinitiative.com/advisories/zdi-20-593/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-599/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-600/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-603/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-616/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-621/

Trust: 1.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-635/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10638

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47382

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1646/

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-594/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-596/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-597/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-601/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-602/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-604/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-617/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-618/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-620/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-623/

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-631/

Trust: 0.1

sources: ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623 // CNVD: CNVD-2020-29739 // VULHUB: VHN-163136 // CNNVD: CNNVD-202005-295 // NVD: CVE-2020-10638

CREDITS

Z0mb1E

Trust: 9.1

sources: ZDI: ZDI-20-593 // ZDI: ZDI-20-597 // ZDI: ZDI-20-599 // ZDI: ZDI-20-631 // ZDI: ZDI-20-603 // ZDI: ZDI-20-620 // ZDI: ZDI-20-604 // ZDI: ZDI-20-601 // ZDI: ZDI-20-600 // ZDI: ZDI-20-594 // ZDI: ZDI-20-621 // ZDI: ZDI-20-618 // ZDI: ZDI-20-623

SOURCES

db: IVD, id: 95f15ed9-abd1-4fa7-b3b8-cce038c93754
db: IVD, id: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec
db: ZDI, id: ZDI-20-593
db: ZDI, id: ZDI-20-597
db: ZDI, id: ZDI-20-599
db: ZDI, id: ZDI-20-631
db: ZDI, id: ZDI-20-603
db: ZDI, id: ZDI-20-620
db: ZDI, id: ZDI-20-604
db: ZDI, id: ZDI-20-601
db: ZDI, id: ZDI-20-600
db: ZDI, id: ZDI-20-594
db: ZDI, id: ZDI-20-621
db: ZDI, id: ZDI-20-618
db: ZDI, id: ZDI-20-623
db: CNVD, id: CNVD-2020-29739
db: VULHUB, id: VHN-163136
db: CNNVD, id: CNNVD-202005-295
db: NVD, id: CVE-2020-10638

LAST UPDATE DATE

2025-03-31T18:04:20.433000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-593, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-597, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-599, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-631, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-603, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-620, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-604, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-601, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-600, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-594, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-621, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-618, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-623, date: 2020-05-08T00:00:00
db: CNVD, id: CNVD-2020-29739, date: 2020-05-25T00:00:00
db: VULHUB, id: VHN-163136, date: 2021-12-17T00:00:00
db: CNNVD, id: CNNVD-202005-295, date: 2021-01-04T00:00:00
db: NVD, id: CVE-2020-10638, date: 2024-11-21T04:55:45.027

SOURCES RELEASE DATE

db: IVD, id: 95f15ed9-abd1-4fa7-b3b8-cce038c93754, date: 2020-05-07T00:00:00
db: IVD, id: 619b16c7-a995-4cdf-b7be-d91e2bdc75ec, date: 2020-05-07T00:00:00
db: ZDI, id: ZDI-20-593, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-597, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-599, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-631, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-603, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-620, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-604, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-601, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-600, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-594, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-621, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-618, date: 2020-05-08T00:00:00
db: ZDI, id: ZDI-20-623, date: 2020-05-08T00:00:00
db: CNVD, id: CNVD-2020-29739, date: 2020-05-25T00:00:00
db: VULHUB, id: VHN-163136, date: 2020-05-08T00:00:00
db: CNNVD, id: CNNVD-202005-295, date: 2020-05-07T00:00:00
db: NVD, id: CVE-2020-10638, date: 2020-05-08T12:15:11.067