Sign-up

ID

VAR-202005-1245


TITLE

Advantech WebAccess IOCTL 0x2711 bwscrp Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-632

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwscrp.exe when invoked via IOCTL 0x2711. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.

Trust: 0.7

sources: ZDI: ZDI-20-632

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-632

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: ZDI-20-632
value: CRITICAL

Trust: 0.7

ZDI: ZDI-20-632
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-632

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 0.7

sources: ZDI: ZDI-20-632

EXTERNAL IDS

db:ZDI_CANid:ZDI-CAN-10325

Trust: 0.7

db:ZDIid:ZDI-20-632

Trust: 0.7

sources: ZDI: ZDI-20-632

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-128-36

Trust: 0.7

sources: ZDI: ZDI-20-632

CREDITS

Natnael Samson (@NattiSamson)

Trust: 0.7

sources: ZDI: ZDI-20-632

SOURCES

db:ZDIid:ZDI-20-632

LAST UPDATE DATE

2022-05-17T01:52:29.600000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-632date:2020-05-08T00:00:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-632date:2020-05-08T00:00:00