Details of VAR-202005-0338

ID

VAR-202005-0338

CVE

CVE-2020-12018

TITLE

Advantech WebAccess Node Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005145

DESCRIPTION

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. Advantech WebAccess Node Exists in an out-of-bounds read vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00002722 in ViewSrv.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required

Trust: 3.96

sources: NVD: CVE-2020-12018 // JVNDB: JVNDB-2020-005145 // ZDI: ZDI-20-628 // ZDI: ZDI-20-630 // CNVD: CNVD-2020-29738 // IVD: 0c0a4c5a-b413-4eb0-98c1-1acc2309ca38 // IVD: 2cd25065-fdf0-47db-8723-f8fa644ff39f // VULHUB: VHN-164654 // VULMON: CVE-2020-12018

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 0c0a4c5a-b413-4eb0-98c1-1acc2309ca38 // IVD: 2cd25065-fdf0-47db-8723-f8fa644ff39f // CNVD: CNVD-2020-29738

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	eq	version:	9.0.0	Trust: 1.9
vendor:	advantech	model:	webaccess/scada	scope:	-	version:	-	Trust: 1.4
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.4.4	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.4.4	Trust: 0.9
vendor:	advantech	model:	webaccess node	scope:	gte	version:	8.4.4	Trust: 0.6
vendor:	advantech	model:	webaccess node	scope:	eq	version:	9.0.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	webaccess	model:	-	scope:	eq	version:	9.0.0	Trust: 0.4

sources: IVD: 0c0a4c5a-b413-4eb0-98c1-1acc2309ca38 // IVD: 2cd25065-fdf0-47db-8723-f8fa644ff39f // ZDI: ZDI-20-628 // ZDI: ZDI-20-630 // CNVD: CNVD-2020-29738 // VULMON: CVE-2020-12018 // JVNDB: JVNDB-2020-005145 // NVD: CVE-2020-12018

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-12018
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2020-12018
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005145
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-29738
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-292
value:	HIGH
Trust: 0.6
IVD:	0c0a4c5a-b413-4eb0-98c1-1acc2309ca38
value:	HIGH
Trust: 0.2
IVD:	2cd25065-fdf0-47db-8723-f8fa644ff39f
value:	HIGH
Trust: 0.2
VULHUB:	VHN-164654
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12018
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12018
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005145
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-29738
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0c0a4c5a-b413-4eb0-98c1-1acc2309ca38
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	2cd25065-fdf0-47db-8723-f8fa644ff39f
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-164654
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-12018
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2020-12018
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005145
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 0c0a4c5a-b413-4eb0-98c1-1acc2309ca38 // IVD: 2cd25065-fdf0-47db-8723-f8fa644ff39f // ZDI: ZDI-20-628 // ZDI: ZDI-20-630 // CNVD: CNVD-2020-29738 // VULHUB: VHN-164654 // VULMON: CVE-2020-12018 // JVNDB: JVNDB-2020-005145 // CNNVD: CNNVD-202005-292 // NVD: CVE-2020-12018

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-164654 // JVNDB: JVNDB-2020-005145 // NVD: CVE-2020-12018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-292

TYPE

Buffer error

Trust: 1.0

sources: IVD: 0c0a4c5a-b413-4eb0-98c1-1acc2309ca38 // IVD: 2cd25065-fdf0-47db-8723-f8fa644ff39f // CNNVD: CNNVD-202005-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005145

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 1.4
title:	Top Page	url:	https://www.advantech.com/	Trust: 0.8
title:	Patch for Advantech WebAccess Node out-of-bounds reading vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/218843	Trust: 0.6

sources: ZDI: ZDI-20-628 // ZDI: ZDI-20-630 // CNVD: CNVD-2020-29738 // JVNDB: JVNDB-2020-005145

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12018	Trust: 5.0
db:	ICS CERT	id:	ICSA-20-128-01	Trust: 3.2
db:	ZDI	id:	ZDI-20-628	Trust: 2.5
db:	ZDI	id:	ZDI-20-630	Trust: 1.4
db:	CNVD	id:	CNVD-2020-29738	Trust: 1.1
db:	CNNVD	id:	CNNVD-202005-292	Trust: 1.1
db:	JVN	id:	JVNVU93292753	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005145	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9903	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9896	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1646	Trust: 0.6
db:	NSFOCUS	id:	47308	Trust: 0.6
db:	IVD	id:	0C0A4C5A-B413-4EB0-98C1-1ACC2309CA38	Trust: 0.2
db:	IVD	id:	2CD25065-FDF0-47DB-8723-F8FA644FF39F	Trust: 0.2
db:	VULHUB	id:	VHN-164654	Trust: 0.1
db:	VULMON	id:	CVE-2020-12018	Trust: 0.1

sources: IVD: 0c0a4c5a-b413-4eb0-98c1-1acc2309ca38 // IVD: 2cd25065-fdf0-47db-8723-f8fa644ff39f // ZDI: ZDI-20-628 // ZDI: ZDI-20-630 // CNVD: CNVD-2020-29738 // VULHUB: VHN-164654 // VULMON: CVE-2020-12018 // JVNDB: JVNDB-2020-005145 // CNNVD: CNNVD-202005-292 // NVD: CVE-2020-12018

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-01	Trust: 3.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-628/	Trust: 1.8
url:	https://www.us-cert.gov/ics/advisories/icsa-20-128-36	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12018	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12018	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93292753/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-630/	Trust: 0.7
url:	http://www.nsfocus.net/vulndb/47308	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1646/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/181601	Trust: 0.1

sources: ZDI: ZDI-20-628 // ZDI: ZDI-20-630 // CNVD: CNVD-2020-29738 // VULHUB: VHN-164654 // VULMON: CVE-2020-12018 // JVNDB: JVNDB-2020-005145 // CNNVD: CNNVD-202005-292 // NVD: CVE-2020-12018

CREDITS

Z0mb1E

Trust: 1.4

sources: ZDI: ZDI-20-628 // ZDI: ZDI-20-630

SOURCES

db:	IVD	id:	0c0a4c5a-b413-4eb0-98c1-1acc2309ca38
db:	IVD	id:	2cd25065-fdf0-47db-8723-f8fa644ff39f
db:	ZDI	id:	ZDI-20-628
db:	ZDI	id:	ZDI-20-630
db:	CNVD	id:	CNVD-2020-29738
db:	VULHUB	id:	VHN-164654
db:	VULMON	id:	CVE-2020-12018
db:	JVNDB	id:	JVNDB-2020-005145
db:	CNNVD	id:	CNNVD-202005-292
db:	NVD	id:	CVE-2020-12018

LAST UPDATE DATE

2024-08-14T13:24:34.381000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-628	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-630	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29738	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-164654	date:	2020-05-11T00:00:00
db:	VULMON	id:	CVE-2020-12018	date:	2020-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-005145	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-292	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-12018	date:	2020-05-11T20:52:12.150

SOURCES RELEASE DATE

db:	IVD	id:	0c0a4c5a-b413-4eb0-98c1-1acc2309ca38	date:	2020-05-07T00:00:00
db:	IVD	id:	2cd25065-fdf0-47db-8723-f8fa644ff39f	date:	2020-05-07T00:00:00
db:	ZDI	id:	ZDI-20-628	date:	2020-05-08T00:00:00
db:	ZDI	id:	ZDI-20-630	date:	2020-05-08T00:00:00
db:	CNVD	id:	CNVD-2020-29738	date:	2020-05-25T00:00:00
db:	VULHUB	id:	VHN-164654	date:	2020-05-08T00:00:00
db:	VULMON	id:	CVE-2020-12018	date:	2020-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-005145	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-292	date:	2020-05-07T00:00:00
db:	NVD	id:	CVE-2020-12018	date:	2020-05-08T12:15:11.317