Details of VAR-202005-0336

ID

VAR-202005-0336

CVE

CVE-2020-12010

TITLE

Advantech WebAccess Node Path traversal vulnerability

Trust: 1.6

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // CNVD: CNVD-2020-29744 // CNNVD: CNNVD-202005-309

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. Advantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions

Trust: 5.85

sources: NVD: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // CNVD: CNVD-2020-29744

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 3.5
vendor:	advantech	model:	webaccess	scope:	eq	version:	9.0.0	Trust: 1.9
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.4.4	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.4.4	Trust: 0.9
vendor:	advantech	model:	webaccess node	scope:	gte	version:	8.4.4	Trust: 0.6
vendor:	advantech	model:	webaccess node	scope:	eq	version:	9.0.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	webaccess	model:	-	scope:	eq	version:	9.0.0	Trust: 0.4

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // NVD: CVE-2020-12010

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-12010
value:	HIGH
Trust: 3.5
nvd@nist.gov:	CVE-2020-12010
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005163
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-29744
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-309
value:	HIGH
Trust: 0.6
IVD:	873e9346-13b7-4a0d-bdf2-dbe576b911f3
value:	HIGH
Trust: 0.2
IVD:	864d8ee3-e266-42df-be35-529416cab683
value:	HIGH
Trust: 0.2
VULHUB:	VHN-164646
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12010
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12010
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005163
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-29744
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	873e9346-13b7-4a0d-bdf2-dbe576b911f3
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	864d8ee3-e266-42df-be35-529416cab683
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-164646
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-12010
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.0
Trust: 3.5
nvd@nist.gov:	CVE-2020-12010
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005163
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309 // NVD: CVE-2020-12010

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.9
problemtype:	CWE-23	Trust: 1.0

sources: VULHUB: VHN-164646 // JVNDB: JVNDB-2020-005163 // NVD: CVE-2020-12010

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-309

TYPE

Path traversal

Trust: 1.0

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // CNNVD: CNNVD-202005-309

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005163

PATCH

title:	Top Page	url:	https://www.advantech.com/	Trust: 0.8
title:	Patch for Advantech WebAccess Node path traversal vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/218855	Trust: 0.6
title:	Advantech WebAccess Node Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118656	Trust: 0.6

sources: CNVD: CNVD-2020-29744 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12010	Trust: 7.1
db:	ICS CERT	id:	ICSA-20-128-01	Trust: 3.2
db:	CNVD	id:	CNVD-2020-29744	Trust: 1.1
db:	CNNVD	id:	CNNVD-202005-309	Trust: 1.1
db:	JVN	id:	JVNVU93292753	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005163	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10173	Trust: 0.7
db:	ZDI	id:	ZDI-20-448	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10174	Trust: 0.7
db:	ZDI	id:	ZDI-20-449	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10170	Trust: 0.7
db:	ZDI	id:	ZDI-20-447	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10176	Trust: 0.7
db:	ZDI	id:	ZDI-20-450	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10175	Trust: 0.7
db:	ZDI	id:	ZDI-20-446	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1646	Trust: 0.6
db:	NSFOCUS	id:	48338	Trust: 0.6
db:	NSFOCUS	id:	47706	Trust: 0.6
db:	IVD	id:	873E9346-13B7-4A0D-BDF2-DBE576B911F3	Trust: 0.2
db:	IVD	id:	864D8EE3-E266-42DF-BE35-529416CAB683	Trust: 0.2
db:	VULHUB	id:	VHN-164646	Trust: 0.1
db:	VULMON	id:	CVE-2020-12010	Trust: 0.1

sources: IVD: 873e9346-13b7-4a0d-bdf2-dbe576b911f3 // IVD: 864d8ee3-e266-42df-be35-529416cab683 // ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446 // CNVD: CNVD-2020-29744 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309 // NVD: CVE-2020-12010

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-01	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12010	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12010	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93292753/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48338	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47706	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1646/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-29744 // VULHUB: VHN-164646 // VULMON: CVE-2020-12010 // JVNDB: JVNDB-2020-005163 // CNNVD: CNNVD-202005-309 // NVD: CVE-2020-12010

CREDITS

Natnael Samson (@NattiSamson)

Trust: 3.5

sources: ZDI: ZDI-20-448 // ZDI: ZDI-20-449 // ZDI: ZDI-20-447 // ZDI: ZDI-20-450 // ZDI: ZDI-20-446

SOURCES

db:	IVD	id:	873e9346-13b7-4a0d-bdf2-dbe576b911f3
db:	IVD	id:	864d8ee3-e266-42df-be35-529416cab683
db:	ZDI	id:	ZDI-20-448
db:	ZDI	id:	ZDI-20-449
db:	ZDI	id:	ZDI-20-447
db:	ZDI	id:	ZDI-20-450
db:	ZDI	id:	ZDI-20-446
db:	CNVD	id:	CNVD-2020-29744
db:	VULHUB	id:	VHN-164646
db:	VULMON	id:	CVE-2020-12010
db:	JVNDB	id:	JVNDB-2020-005163
db:	CNNVD	id:	CNNVD-202005-309
db:	NVD	id:	CVE-2020-12010

LAST UPDATE DATE

2024-08-14T13:24:34.441000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-448	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-449	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-447	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-450	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-446	date:	2020-04-08T00:00:00
db:	CNVD	id:	CNVD-2020-29744	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-164646	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2020-12010	date:	2020-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-005163	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-309	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2020-12010	date:	2021-09-23T13:41:58.147

SOURCES RELEASE DATE

db:	IVD	id:	873e9346-13b7-4a0d-bdf2-dbe576b911f3	date:	2020-05-07T00:00:00
db:	IVD	id:	864d8ee3-e266-42df-be35-529416cab683	date:	2020-05-07T00:00:00
db:	ZDI	id:	ZDI-20-448	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-449	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-447	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-450	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-446	date:	2020-04-08T00:00:00
db:	CNVD	id:	CNVD-2020-29744	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-164646	date:	2020-05-08T00:00:00
db:	VULMON	id:	CVE-2020-12010	date:	2020-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-005163	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-309	date:	2020-05-07T00:00:00
db:	NVD	id:	CVE-2020-12010	date:	2020-05-08T12:15:11.207