ID

VAR-202005-0335


CVE

CVE-2020-12006


TITLE

Advantech WebAccess Node Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005162

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791e in DATACORE.exe. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. Advantech WebAccess Node could allow a remote malicious user to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to overwrite arbitrary files on the system

Trust: 4.59

sources: NVD: CVE-2020-12006 // JVNDB: JVNDB-2020-005162 // ZDI: ZDI-20-595 // ZDI: ZDI-20-589 // ZDI: ZDI-20-605 // CNVD: CNVD-2020-29743 // IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287 // IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f // VULHUB: VHN-164641 // VULMON: CVE-2020-12006

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287 // IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f // CNVD: CNVD-2020-29743

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess/scadascope: - version: -

Trust: 2.1

vendor:advantechmodel:webaccessscope:eqversion:9.0.0

Trust: 1.8

vendor:advantechmodel:webaccessscope:lteversion:8.4.4

Trust: 1.0

vendor:advantechmodel:webaccessscope:eqversion:8.4.4

Trust: 0.8

vendor:advantechmodel:webaccess nodescope:gteversion:8.4.4

Trust: 0.6

vendor:advantechmodel:webaccess nodescope:eqversion:9.0.0

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.4

vendor:webaccessmodel: - scope:eqversion:9.0.0

Trust: 0.4

sources: IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287 // IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f // ZDI: ZDI-20-595 // ZDI: ZDI-20-589 // ZDI: ZDI-20-605 // CNVD: CNVD-2020-29743 // JVNDB: JVNDB-2020-005162 // NVD: CVE-2020-12006

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-12006
value: CRITICAL

Trust: 2.1

nvd@nist.gov: CVE-2020-12006
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-005162
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-29743
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202005-306
value: CRITICAL

Trust: 0.6

IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287
value: HIGH

Trust: 0.2

IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f
value: HIGH

Trust: 0.2

VULHUB: VHN-164641
value: HIGH

Trust: 0.1

VULMON: CVE-2020-12006
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-12006
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005162
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29743
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-164641
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-12006
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.1

nvd@nist.gov: CVE-2020-12006
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005162
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287 // IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f // ZDI: ZDI-20-595 // ZDI: ZDI-20-589 // ZDI: ZDI-20-605 // CNVD: CNVD-2020-29743 // VULHUB: VHN-164641 // VULMON: CVE-2020-12006 // JVNDB: JVNDB-2020-005162 // CNNVD: CNNVD-202005-306 // NVD: CVE-2020-12006

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-23

Trust: 1.0

sources: VULHUB: VHN-164641 // JVNDB: JVNDB-2020-005162 // NVD: CVE-2020-12006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-306

TYPE

Path traversal

Trust: 1.0

sources: IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287 // IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f // CNNVD: CNNVD-202005-306

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005162

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 2.1

title:Top Pageurl:https://www.advantech.com/

Trust: 0.8

title:Patch for Advantech WebAccess Node Path Traversal Vulnerability (CNVD-2020-29743)url:https://www.cnvd.org.cn/patchInfo/show/218853

Trust: 0.6

sources: ZDI: ZDI-20-595 // ZDI: ZDI-20-589 // ZDI: ZDI-20-605 // CNVD: CNVD-2020-29743 // JVNDB: JVNDB-2020-005162

EXTERNAL IDS

db:NVDid:CVE-2020-12006

Trust: 5.7

db:ICS CERTid:ICSA-20-128-01

Trust: 3.2

db:ZDIid:ZDI-20-595

Trust: 2.5

db:ZDIid:ZDI-20-589

Trust: 2.5

db:ZDIid:ZDI-20-605

Trust: 2.5

db:CNVDid:CNVD-2020-29743

Trust: 1.1

db:CNNVDid:CNNVD-202005-306

Trust: 1.1

db:JVNid:JVNVU93292753

Trust: 0.8

db:JVNDBid:JVNDB-2020-005162

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-9905

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9995

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9901

Trust: 0.7

db:AUSCERTid:ESB-2020.1646

Trust: 0.6

db:NSFOCUSid:47349

Trust: 0.6

db:IVDid:EC7B8103-B626-4A4F-985F-BD5BDBB95287

Trust: 0.2

db:IVDid:2D8FC349-4A01-4FA6-8792-DDCEAE01196F

Trust: 0.2

db:VULHUBid:VHN-164641

Trust: 0.1

db:VULMONid:CVE-2020-12006

Trust: 0.1

sources: IVD: ec7b8103-b626-4a4f-985f-bd5bdbb95287 // IVD: 2d8fc349-4a01-4fa6-8792-ddceae01196f // ZDI: ZDI-20-595 // ZDI: ZDI-20-589 // ZDI: ZDI-20-605 // CNVD: CNVD-2020-29743 // VULHUB: VHN-164641 // VULMON: CVE-2020-12006 // JVNDB: JVNDB-2020-005162 // CNNVD: CNNVD-202005-306 // NVD: CVE-2020-12006

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-01

Trust: 3.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-605/

Trust: 2.4

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 2.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-589/

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-595/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12006

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12006

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93292753/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47349

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1646/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181598

Trust: 0.1

sources: ZDI: ZDI-20-595 // ZDI: ZDI-20-589 // ZDI: ZDI-20-605 // CNVD: CNVD-2020-29743 // VULHUB: VHN-164641 // VULMON: CVE-2020-12006 // JVNDB: JVNDB-2020-005162 // CNNVD: CNNVD-202005-306 // NVD: CVE-2020-12006

CREDITS

Z0mb1E

Trust: 2.1

sources: ZDI: ZDI-20-595 // ZDI: ZDI-20-589 // ZDI: ZDI-20-605

SOURCES

db:IVDid:ec7b8103-b626-4a4f-985f-bd5bdbb95287
db:IVDid:2d8fc349-4a01-4fa6-8792-ddceae01196f
db:ZDIid:ZDI-20-595
db:ZDIid:ZDI-20-589
db:ZDIid:ZDI-20-605
db:CNVDid:CNVD-2020-29743
db:VULHUBid:VHN-164641
db:VULMONid:CVE-2020-12006
db:JVNDBid:JVNDB-2020-005162
db:CNNVDid:CNNVD-202005-306
db:NVDid:CVE-2020-12006

LAST UPDATE DATE

2024-11-23T21:59:18.650000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-595date:2020-05-08T00:00:00
db:ZDIid:ZDI-20-589date:2020-05-08T00:00:00
db:ZDIid:ZDI-20-605date:2020-05-08T00:00:00
db:CNVDid:CNVD-2020-29743date:2020-05-25T00:00:00
db:VULHUBid:VHN-164641date:2021-09-23T00:00:00
db:VULMONid:CVE-2020-12006date:2020-05-12T00:00:00
db:JVNDBid:JVNDB-2020-005162date:2020-06-08T00:00:00
db:CNNVDid:CNNVD-202005-306date:2021-01-04T00:00:00
db:NVDid:CVE-2020-12006date:2024-11-21T04:59:06.080

SOURCES RELEASE DATE

db:IVDid:ec7b8103-b626-4a4f-985f-bd5bdbb95287date:2020-05-07T00:00:00
db:IVDid:2d8fc349-4a01-4fa6-8792-ddceae01196fdate:2020-05-07T00:00:00
db:ZDIid:ZDI-20-595date:2020-05-08T00:00:00
db:ZDIid:ZDI-20-589date:2020-05-08T00:00:00
db:ZDIid:ZDI-20-605date:2020-05-08T00:00:00
db:CNVDid:CNVD-2020-29743date:2020-05-25T00:00:00
db:VULHUBid:VHN-164641date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-12006date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-005162date:2020-06-08T00:00:00
db:CNNVDid:CNNVD-202005-306date:2020-05-07T00:00:00
db:NVDid:CVE-2020-12006date:2020-05-08T12:15:11.160