ID

VAR-202005-0336


CVE

CVE-2020-12010


TITLE

Advantech WebAccess Node Path traversal vulnerability

Trust: 1.6

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // CNVD: CNVD-2020-29744 // CNNVD: CNNVD-202005-309

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. Advantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions

Trust: 5.85

sources: NVD: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // CNVD: CNVD-2020-29744

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope: - version: -

Trust: 3.5

vendor:advantechmodel:webaccessscope:eqversion:9.0.0

Trust: 1.9

vendor:advantechmodel:webaccessscope:lteversion:8.4.4

Trust: 1.0

vendor:advantechmodel:webaccessscope:eqversion:8.4.4

Trust: 0.9

vendor:advantechmodel:webaccess nodescope:gteversion:8.4.4

Trust: 0.6

vendor:advantechmodel:webaccess nodescope:eqversion:9.0.0

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.4

vendor:webaccessmodel: - scope:eqversion:9.0.0

Trust: 0.4

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // NVD: CVE-2020-12010

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-12010
value: HIGH

Trust: 3.5

nvd@nist.gov: CVE-2020-12010
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005163
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-29744
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-309
value: HIGH

Trust: 0.6

IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3
value: HIGH

Trust: 0.2

IVD: 864d8ee3-e266-42df-be35-529416cab683
value: HIGH

Trust: 0.2

VULHUB: VHN-164646
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12010
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12010
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005163
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29744
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 864d8ee3-e266-42df-be35-529416cab683
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-164646
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-12010
baseSeverity: HIGH
baseScore: 8.2
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 3.5

nvd@nist.gov: CVE-2020-12010
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005163
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309 // NVD: CVE-2020-12010

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-23

Trust: 1.0

sources: VULHUB: VHN-164646 // JVNDB: JVNDB-2020-005163 // NVD: CVE-2020-12010

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-309

TYPE

Path traversal

Trust: 1.0

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // CNNVD: CNNVD-202005-309

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005163

PATCH

title:Top Pageurl:https://www.advantech.com/

Trust: 0.8

title:Patch for Advantech WebAccess Node path traversal vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/218855

Trust: 0.6

title:Advantech WebAccess Node Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118656

Trust: 0.6

sources: CNVD: CNVD-2020-29744 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309

EXTERNAL IDS

db:NVDid:CVE-2020-12010

Trust: 7.1

db:ICS CERTid:ICSA-20-128-01

Trust: 3.2

db:CNVDid:CNVD-2020-29744

Trust: 1.1

db:CNNVDid:CNNVD-202005-309

Trust: 1.1

db:JVNid:JVNVU93292753

Trust: 0.8

db:JVNDBid:JVNDB-2020-005163

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-10173

Trust: 0.7

db:ZDIid:ZDI-20-448

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10174

Trust: 0.7

db:ZDIid:ZDI-20-449

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10170

Trust: 0.7

db:ZDIid:ZDI-20-447

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10176

Trust: 0.7

db:ZDIid:ZDI-20-450

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10175

Trust: 0.7

db:ZDIid:ZDI-20-446

Trust: 0.7

db:AUSCERTid:ESB-2020.1646

Trust: 0.6

db:NSFOCUSid:48338

Trust: 0.6

db:NSFOCUSid:47706

Trust: 0.6

db:IVDid:873E9346-13B7-4A0D-BDF2-DBE576B911F3

Trust: 0.2

db:IVDid:864D8EE3-E266-42DF-BE35-529416CAB683

Trust: 0.2

db:VULHUBid:VHN-164646

Trust: 0.1

db:VULMONid:CVE-2020-12010

Trust: 0.1

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309 // NVD: CVE-2020-12010

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-01

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12010

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12010

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93292753/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/48338

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47706

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1646/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-29744 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309 // NVD: CVE-2020-12010

CREDITS

Natnael Samson (@NattiSamson)

Trust: 3.5

sources: ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446

SOURCES

db:IVDid:873e9346-13b7-4a0d-bdf2-dbe576b911f3
db:IVDid:864d8ee3-e266-42df-be35-529416cab683
db:ZDIid:ZDI-20-448
db:ZDIid:ZDI-20-449
db:ZDIid:ZDI-20-447
db:ZDIid:ZDI-20-450
db:ZDIid:ZDI-20-446
db:CNVDid:CNVD-2020-29744
db:VULHUBid:VHN-164646
db:VULMONid:CVE-2020-12010
db:JVNDBid:JVNDB-2020-005163
db:CNNVDid:CNNVD-202005-309
db:NVDid:CVE-2020-12010

LAST UPDATE DATE

2024-11-23T21:59:18.321000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-448date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-449date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-447date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-450date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-446date:2020-04-08T00:00:00
db:CNVDid:CNVD-2020-29744date:2020-05-25T00:00:00
db:VULHUBid:VHN-164646date:2021-09-23T00:00:00
db:VULMONid:CVE-2020-12010date:2020-05-12T00:00:00
db:JVNDBid:JVNDB-2020-005163date:2020-06-08T00:00:00
db:CNNVDid:CNNVD-202005-309date:2020-09-02T00:00:00
db:NVDid:CVE-2020-12010date:2024-11-21T04:59:06.560

SOURCES RELEASE DATE

db:IVDid:873e9346-13b7-4a0d-bdf2-dbe576b911f3date:2020-05-07T00:00:00
db:IVDid:864d8ee3-e266-42df-be35-529416cab683date:2020-05-07T00:00:00
db:ZDIid:ZDI-20-448date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-449date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-447date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-450date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-446date:2020-04-08T00:00:00
db:CNVDid:CNVD-2020-29744date:2020-05-25T00:00:00
db:VULHUBid:VHN-164646date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-12010date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-005163date:2020-06-08T00:00:00
db:CNNVDid:CNNVD-202005-309date:2020-05-07T00:00:00
db:NVDid:CVE-2020-12010date:2020-05-08T12:15:11.207