Details of VAR-202005-0312

ID

VAR-202005-0312

CVE

CVE-2020-12026

TITLE

Advantech WebAccess Node Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005147

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000277d in ViewSrv.dll. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required

Trust: 3.96

sources: NVD: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // VULHUB: VHN-164663 // VULMON: CVE-2020-12026

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // CNVD: CNVD-2020-29742

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	eq	version:	9.0.0	Trust: 1.8
vendor:	advantech	model:	webaccess/scada	scope:	-	version:	-	Trust: 1.4
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.4.4	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.4.4	Trust: 0.8
vendor:	advantech	model:	webaccess node	scope:	gte	version:	8.4.4	Trust: 0.6
vendor:	advantech	model:	webaccess node	scope:	eq	version:	9.0.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	webaccess	model:	-	scope:	eq	version:	9.0.0	Trust: 0.4

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // JVNDB: JVNDB-2020-005147 // NVD: CVE-2020-12026

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-12026
value:	CRITICAL
Trust: 1.4
nvd@nist.gov:	CVE-2020-12026
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005147
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-29742
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-303
value:	HIGH
Trust: 0.6
IVD:	f4254815-d8f8-4350-9a94-696eea61a062
value:	HIGH
Trust: 0.2
IVD:	7b562860-41d1-412d-8d4e-7ed58e4b7f7d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-164663
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12026
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12026
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005147
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-29742
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f4254815-d8f8-4350-9a94-696eea61a062
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7b562860-41d1-412d-8d4e-7ed58e4b7f7d
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-164663
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-12026
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2020-12026
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005147
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // VULHUB: VHN-164663 // VULMON: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303 // NVD: CVE-2020-12026

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.9
problemtype:	CWE-23	Trust: 1.0

sources: VULHUB: VHN-164663 // JVNDB: JVNDB-2020-005147 // NVD: CVE-2020-12026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-303

TYPE

Path traversal

Trust: 1.0

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // CNNVD: CNNVD-202005-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005147

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 1.4
title:	Top Page	url:	https://www.advantech.com/	Trust: 0.8
title:	Patch for Advantech WebAccess Node Path Traversal Vulnerability (CNVD-2020-29742)	url:	https://www.cnvd.org.cn/patchInfo/show/218851	Trust: 0.6
title:	Advantech WebAccess Node Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118654	Trust: 0.6

sources: ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12026	Trust: 5.0
db:	ICS CERT	id:	ICSA-20-128-01	Trust: 3.2
db:	ZDI	id:	ZDI-20-626	Trust: 2.5
db:	ZDI	id:	ZDI-20-627	Trust: 1.4
db:	CNVD	id:	CNVD-2020-29742	Trust: 1.1
db:	CNNVD	id:	CNNVD-202005-303	Trust: 1.1
db:	JVN	id:	JVNVU93292753	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005147	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9907	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9899	Trust: 0.7
db:	NSFOCUS	id:	47694	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1646	Trust: 0.6
db:	IVD	id:	F4254815-D8F8-4350-9A94-696EEA61A062	Trust: 0.2
db:	IVD	id:	7B562860-41D1-412D-8D4E-7ED58E4B7F7D	Trust: 0.2
db:	VULHUB	id:	VHN-164663	Trust: 0.1
db:	VULMON	id:	CVE-2020-12026	Trust: 0.1

sources: IVD: f4254815-d8f8-4350-9a94-696eea61a062 // IVD: 7b562860-41d1-412d-8d4e-7ed58e4b7f7d // ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // VULHUB: VHN-164663 // VULMON: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303 // NVD: CVE-2020-12026

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-01	Trust: 3.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-626/	Trust: 1.8
url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12026	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12026	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93292753/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-627/	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2020.1646/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47694	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-20-626 // ZDI: ZDI-20-627 // CNVD: CNVD-2020-29742 // VULHUB: VHN-164663 // VULMON: CVE-2020-12026 // JVNDB: JVNDB-2020-005147 // CNNVD: CNNVD-202005-303 // NVD: CVE-2020-12026

CREDITS

Z0mb1E

Trust: 1.4

sources: ZDI: ZDI-20-626 // ZDI: ZDI-20-627

SOURCES

db:	IVD	id:	f4254815-d8f8-4350-9a94-696eea61a062
db:	IVD	id:	7b562860-41d1-412d-8d4e-7ed58e4b7f7d
db:	ZDI	id:	ZDI-20-626
db:	ZDI	id:	ZDI-20-627
db:	CNVD	id:	CNVD-2020-29742
db:	VULHUB	id:	VHN-164663
db:	VULMON	id:	CVE-2020-12026
db:	JVNDB	id:	JVNDB-2020-005147
db:	CNNVD	id:	CNNVD-202005-303
db:	NVD	id:	CVE-2020-12026

LAST UPDATE DATE

2024-08-14T13:24:34.324000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-626	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-627	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29742	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-164663	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2020-12026	date:	2020-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-005147	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-303	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-12026	date:	2021-09-23T13:39:06.573

SOURCES RELEASE DATE

db:	IVD	id:	f4254815-d8f8-4350-9a94-696eea61a062	date:	2020-05-07T00:00:00
db:	IVD	id:	7b562860-41d1-412d-8d4e-7ed58e4b7f7d	date:	2020-05-07T00:00:00
db:	ZDI	id:	ZDI-20-626	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-627	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29742	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-164663	date:	2020-05-08T00:00:00
db:	VULMON	id:	CVE-2020-12026	date:	2020-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-005147	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-303	date:	2020-05-07T00:00:00
db:	NVD	id:	CVE-2020-12026	date:	2020-05-08T12:15:11.443