ID

VAR-202005-0312


CVE

CVE-2020-12026


TITLE

Advantech WebAccess Node Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005147

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000277d in ViewSrv.dll. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required

Trust: 3.96

sources: NVD: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // VULHUB: VHN-164663 // VULMON: CVE-2020-12026

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // CNVD: CNVD-2020-29742

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:eqversion:9.0.0

Trust: 1.8

vendor:advantechmodel:webaccess/scadascope: - version: -

Trust: 1.4

vendor:advantechmodel:webaccessscope:lteversion:8.4.4

Trust: 1.0

vendor:advantechmodel:webaccessscope:eqversion:8.4.4

Trust: 0.8

vendor:advantechmodel:webaccess nodescope:gteversion:8.4.4

Trust: 0.6

vendor:advantechmodel:webaccess nodescope:eqversion:9.0.0

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.4

vendor:webaccessmodel: - scope:eqversion:9.0.0

Trust: 0.4

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // JVNDB: JVNDB-2020-005147 // NVD: CVE-2020-12026

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-12026
value: CRITICAL

Trust: 1.4

nvd@nist.gov: CVE-2020-12026
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005147
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-29742
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-303
value: HIGH

Trust: 0.6

IVD: f4254815-d8f8-4350-9a94-696eea61a062
value: HIGH

Trust: 0.2

IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d
value: HIGH

Trust: 0.2

VULHUB: VHN-164663
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12026
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12026
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005147
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29742
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f4254815-d8f8-4350-9a94-696eea61a062
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-164663
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-12026
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2020-12026
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005147
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // VULHUB: VHN-164663 // VULMON: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303 // NVD: CVE-2020-12026

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-23

Trust: 1.0

sources: VULHUB: VHN-164663 // JVNDB: JVNDB-2020-005147 // NVD: CVE-2020-12026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-303

TYPE

Path traversal

Trust: 1.0

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // CNNVD: CNNVD-202005-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005147

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 1.4

title:Top Pageurl:https://www.advantech.com/

Trust: 0.8

title:Patch for Advantech WebAccess Node Path Traversal Vulnerability (CNVD-2020-29742)url:https://www.cnvd.org.cn/patchInfo/show/218851

Trust: 0.6

title:Advantech WebAccess Node Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118654

Trust: 0.6

sources: ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303

EXTERNAL IDS

db:NVDid:CVE-2020-12026

Trust: 5.0

db:ICS CERTid:ICSA-20-128-01

Trust: 3.2

db:ZDIid:ZDI-20-626

Trust: 2.5

db:ZDIid:ZDI-20-627

Trust: 1.4

db:CNVDid:CNVD-2020-29742

Trust: 1.1

db:CNNVDid:CNNVD-202005-303

Trust: 1.1

db:JVNid:JVNVU93292753

Trust: 0.8

db:JVNDBid:JVNDB-2020-005147

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-9907

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9899

Trust: 0.7

db:NSFOCUSid:47694

Trust: 0.6

db:AUSCERTid:ESB-2020.1646

Trust: 0.6

db:IVDid:F4254815-D8F8-4350-9A94-696EEA61A062

Trust: 0.2

db:IVDid:7B562860-41D1-412D-8D4E-7ED58E4B7F7D

Trust: 0.2

db:VULHUBid:VHN-164663

Trust: 0.1

db:VULMONid:CVE-2020-12026

Trust: 0.1

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // VULHUB: VHN-164663 // VULMON: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303 // NVD: CVE-2020-12026

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-01

Trust: 3.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-626/

Trust: 1.8

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12026

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12026

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93292753/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-627/

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2020.1646/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47694

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // VULHUB: VHN-164663 // VULMON: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303 // NVD: CVE-2020-12026

CREDITS

Z0mb1E

Trust: 1.4

sources: ZDI: ZDI-20-626 // ZDI: ZDI-20-627

SOURCES

db:IVDid:f4254815-d8f8-4350-9a94-696eea61a062
db:IVDid:7b562860-41d1-412d-8d4e-7ed58e4b7f7d
db:ZDIid:ZDI-20-626
db:ZDIid:ZDI-20-627
db:CNVDid:CNVD-2020-29742
db:VULHUBid:VHN-164663
db:VULMONid:CVE-2020-12026
db:JVNDBid:JVNDB-2020-005147
db:CNNVDid:CNNVD-202005-303
db:NVDid:CVE-2020-12026

LAST UPDATE DATE

2024-11-23T21:59:18.592000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-626date:2020-05-08T00:00:00
db:ZDIid:ZDI-20-627date:2020-05-08T00:00:00
db:CNVDid:CNVD-2020-29742date:2020-05-25T00:00:00
db:VULHUBid:VHN-164663date:2021-09-23T00:00:00
db:VULMONid:CVE-2020-12026date:2020-05-11T00:00:00
db:JVNDBid:JVNDB-2020-005147date:2020-06-08T00:00:00
db:CNNVDid:CNNVD-202005-303date:2021-01-04T00:00:00
db:NVDid:CVE-2020-12026date:2024-11-21T04:59:08.347

SOURCES RELEASE DATE

db:IVDid:f4254815-d8f8-4350-9a94-696eea61a062date:2020-05-07T00:00:00
db:IVDid:7b562860-41d1-412d-8d4e-7ed58e4b7f7ddate:2020-05-07T00:00:00
db:ZDIid:ZDI-20-626date:2020-05-08T00:00:00
db:ZDIid:ZDI-20-627date:2020-05-08T00:00:00
db:CNVDid:CNVD-2020-29742date:2020-05-25T00:00:00
db:VULHUBid:VHN-164663date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-12026date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-005147date:2020-06-08T00:00:00
db:CNNVDid:CNNVD-202005-303date:2020-05-07T00:00:00
db:NVDid:CVE-2020-12026date:2020-05-08T12:15:11.443