ID

VAR-202005-0334


CVE

CVE-2020-12002


TITLE

Advantech WebAccess/SCADA BwBacNetJ Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-634 // ZDI: ZDI-20-633

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00005241 in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability arises because the program does not correctly verify the length of the data submitted by the user.

Trust: 8.37

sources: NVD: CVE-2020-12002 // JVNDB: JVNDB-2020-005161 // ZDI: ZDI-20-625 // ZDI: ZDI-20-591 // ZDI: ZDI-20-634 // ZDI: ZDI-20-624 // ZDI: ZDI-20-590 // ZDI: ZDI-20-592 // ZDI: ZDI-20-622 // ZDI: ZDI-20-619 // ZDI: ZDI-20-633 // CNVD: CNVD-2020-29740 // IVD: fafb27eb-2f95-48b4-b412-633e1702e89e // IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f // VULHUB: VHN-164637 // VULMON: CVE-2020-12002

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 1.0

sources: IVD: fafb27eb-2f95-48b4-b412-633e1702e89e // IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f // CNVD: CNVD-2020-29740

AFFECTED PRODUCTS

vendor: advantech model: webaccess/scada scope: - version: -

Trust: 6.3

vendor: advantech model: webaccess scope: eq version: 9.0.0

Trust: 1.9

vendor: advantech model: webaccess scope: lte version: 8.4.4

Trust: 1.0

vendor: advantech model: webaccess scope: eq version: 8.4.4

Trust: 0.9

vendor: advantech model: webaccess node scope: gte version: 8.4.4

Trust: 0.6

vendor: advantech model: webaccess node scope: eq version: 9.0.0

Trust: 0.6

vendor: webaccess model: - scope: eq version: *

Trust: 0.4

vendor: webaccess model: - scope: eq version: 9.0.0

Trust: 0.4

sources: IVD: fafb27eb-2f95-48b4-b412-633e1702e89e // IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f // ZDI: ZDI-20-625 // ZDI: ZDI-20-591 // ZDI: ZDI-20-634 // ZDI: ZDI-20-624 // ZDI: ZDI-20-590 // ZDI: ZDI-20-592 // ZDI: ZDI-20-622 // ZDI: ZDI-20-619 // ZDI: ZDI-20-633 // CNVD: CNVD-2020-29740 // VULMON: CVE-2020-12002 // JVNDB: JVNDB-2020-005161 // NVD: CVE-2020-12002

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-12002
value: CRITICAL

Trust: 4.9

ZDI: CVE-2020-12002
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2020-12002
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-005161
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-29740
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202005-298
value: CRITICAL

Trust: 0.6

IVD: fafb27eb-2f95-48b4-b412-633e1702e89e
value: HIGH

Trust: 0.2

IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f
value: HIGH

Trust: 0.2

VULHUB: VHN-164637
value: HIGH

Trust: 0.1

VULMON: CVE-2020-12002
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-12002
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005161
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29740
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fafb27eb-2f95-48b4-b412-633e1702e89e
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-164637
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-12002
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 4.9

ZDI: CVE-2020-12002
baseSeverity: HIGH
baseScore: 8.1
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2020-12002
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005161
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: fafb27eb-2f95-48b4-b412-633e1702e89e // IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f // ZDI: ZDI-20-625 // ZDI: ZDI-20-591 // ZDI: ZDI-20-634 // ZDI: ZDI-20-624 // ZDI: ZDI-20-590 // ZDI: ZDI-20-592 // ZDI: ZDI-20-622 // ZDI: ZDI-20-619 // ZDI: ZDI-20-633 // CNVD: CNVD-2020-29740 // VULHUB: VHN-164637 // VULMON: CVE-2020-12002 // JVNDB: JVNDB-2020-005161 // CNNVD: CNNVD-202005-298 // NVD: CVE-2020-12002

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

problemtype:CWE-121

Trust: 1.0

sources: VULHUB: VHN-164637 // JVNDB: JVNDB-2020-005161 // NVD: CVE-2020-12002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-298

TYPE

Buffer error

Trust: 1.0

sources: IVD: fafb27eb-2f95-48b4-b412-633e1702e89e // IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f // CNNVD: CNNVD-202005-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005161

PATCH

title: Advantech has issued an update to correct this vulnerability. url: https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 6.3

title: Top Page url: https://www.advantech.com/

Trust: 0.8

title: Patch for Advantech WebAccess Node buffer overflow vulnerability url: https://www.cnvd.org.cn/patchInfo/show/218847

Trust: 0.6

title: Advantech WebAccess Node Buffer error vulnerability fix url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118650

Trust: 0.6

sources: ZDI: ZDI-20-625 // ZDI: ZDI-20-591 // ZDI: ZDI-20-634 // ZDI: ZDI-20-624 // ZDI: ZDI-20-590 // ZDI: ZDI-20-592 // ZDI: ZDI-20-622 // ZDI: ZDI-20-619 // ZDI: ZDI-20-633 // CNVD: CNVD-2020-29740 // JVNDB: JVNDB-2020-005161 // CNNVD: CNNVD-202005-298

EXTERNAL IDS

db: NVD id: CVE-2020-12002

Trust: 9.9

db: ICS CERT id: ICSA-20-128-01

Trust: 3.2

db: ZDI id: ZDI-20-625

Trust: 2.5

db: ZDI id: ZDI-20-591

Trust: 2.5

db: ZDI id: ZDI-20-634

Trust: 2.5

db: ZDI id: ZDI-20-624

Trust: 2.5

db: ZDI id: ZDI-20-590

Trust: 2.5

db: ZDI id: ZDI-20-592

Trust: 2.5

db: ZDI id: ZDI-20-622

Trust: 2.5

db: ZDI id: ZDI-20-619

Trust: 2.5

db: ZDI id: ZDI-20-633

Trust: 2.5

db: CNVD id: CNVD-2020-29740

Trust: 1.1

db: CNNVD id: CNNVD-202005-298

Trust: 1.1

db: JVN id: JVNVU93292753

Trust: 0.8

db: JVNDB id: JVNDB-2020-005161

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-10339

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-9996

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-10080

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-10338

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-9987

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-9906

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-10086

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-10025

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-10079

Trust: 0.7

db: NSFOCUS id: 47354

Trust: 0.6

db: AUSCERT id: ESB-2020.1646

Trust: 0.6

db: IVD id: FAFB27EB-2F95-48B4-B412-633E1702E89E

Trust: 0.2

db: IVD id: D30FFCD7-838B-4BFA-B622-12761EC4A16F

Trust: 0.2

db: VULHUB id: VHN-164637

Trust: 0.1

db: VULMON id: CVE-2020-12002

Trust: 0.1

sources: IVD: fafb27eb-2f95-48b4-b412-633e1702e89e // IVD: d30ffcd7-838b-4bfa-b622-12761ec4a16f // ZDI: ZDI-20-625 // ZDI: ZDI-20-591 // ZDI: ZDI-20-634 // ZDI: ZDI-20-624 // ZDI: ZDI-20-590 // ZDI: ZDI-20-592 // ZDI: ZDI-20-622 // ZDI: ZDI-20-619 // ZDI: ZDI-20-633 // CNVD: CNVD-2020-29740 // VULHUB: VHN-164637 // VULMON: CVE-2020-12002 // JVNDB: JVNDB-2020-005161 // CNNVD: CNNVD-202005-298 // NVD: CVE-2020-12002

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 6.3

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-01

Trust: 3.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-634/

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-20-590/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-591/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-592/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-619/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-622/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-624/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-625/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-633/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12002

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12002

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93292753/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1646/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47354

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181597

Trust: 0.1

sources: ZDI: ZDI-20-625 // ZDI: ZDI-20-591 // ZDI: ZDI-20-634 // ZDI: ZDI-20-624 // ZDI: ZDI-20-590 // ZDI: ZDI-20-592 // ZDI: ZDI-20-622 // ZDI: ZDI-20-619 // ZDI: ZDI-20-633 // CNVD: CNVD-2020-29740 // VULHUB: VHN-164637 // VULMON: CVE-2020-12002 // JVNDB: JVNDB-2020-005161 // CNNVD: CNNVD-202005-298 // NVD: CVE-2020-12002

CREDITS

Z0mb1E

Trust: 6.3

sources: ZDI: ZDI-20-625 // ZDI: ZDI-20-591 // ZDI: ZDI-20-634 // ZDI: ZDI-20-624 // ZDI: ZDI-20-590 // ZDI: ZDI-20-592 // ZDI: ZDI-20-622 // ZDI: ZDI-20-619 // ZDI: ZDI-20-633

SOURCES

db: IVD id: fafb27eb-2f95-48b4-b412-633e1702e89e
db: IVD id: d30ffcd7-838b-4bfa-b622-12761ec4a16f
db: ZDI id: ZDI-20-625
db: ZDI id: ZDI-20-591
db: ZDI id: ZDI-20-634
db: ZDI id: ZDI-20-624
db: ZDI id: ZDI-20-590
db: ZDI id: ZDI-20-592
db: ZDI id: ZDI-20-622
db: ZDI id: ZDI-20-619
db: ZDI id: ZDI-20-633
db: CNVD id: CNVD-2020-29740
db: VULHUB id: VHN-164637
db: VULMON id: CVE-2020-12002
db: JVNDB id: JVNDB-2020-005161
db: CNNVD id: CNNVD-202005-298
db: NVD id: CVE-2020-12002

LAST UPDATE DATE

2024-08-14T13:24:34.783000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-20-625 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-591 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-634 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-624 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-590 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-592 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-622 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-619 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-633 date: 2020-05-08T00:00:00
db: CNVD id: CNVD-2020-29740 date: 2020-05-25T00:00:00
db: VULHUB id: VHN-164637 date: 2021-09-23T00:00:00
db: VULMON id: CVE-2020-12002 date: 2020-05-12T00:00:00
db: JVNDB id: JVNDB-2020-005161 date: 2020-06-08T00:00:00
db: CNNVD id: CNNVD-202005-298 date: 2021-01-04T00:00:00
db: NVD id: CVE-2020-12002 date: 2021-09-23T13:42:24.883

SOURCES RELEASE DATE

db: IVD id: fafb27eb-2f95-48b4-b412-633e1702e89e date: 2020-05-07T00:00:00
db: IVD id: d30ffcd7-838b-4bfa-b622-12761ec4a16f date: 2020-05-07T00:00:00
db: ZDI id: ZDI-20-625 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-591 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-634 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-624 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-590 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-592 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-622 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-619 date: 2020-05-08T00:00:00
db: ZDI id: ZDI-20-633 date: 2020-05-08T00:00:00
db: CNVD id: CNVD-2020-29740 date: 2020-05-25T00:00:00
db: VULHUB id: VHN-164637 date: 2020-05-08T00:00:00
db: VULMON id: CVE-2020-12002 date: 2020-05-08T00:00:00
db: JVNDB id: JVNDB-2020-005161 date: 2020-06-08T00:00:00
db: CNNVD id: CNNVD-202005-298 date: 2020-05-07T00:00:00
db: NVD id: CVE-2020-12002 date: 2020-05-08T12:15:11.113