Details of VAR-202008-0373

ID

VAR-202008-0373

CVE

CVE-2020-16245

TITLE

Advantech iView path traversal vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-49617 // CNNVD: CNNVD-202008-1197

DESCRIPTION

Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. iView Is Advantech Provided by the company SNMP Base device management software. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the exportTaskMgrReport method of the DeviceTreeTable class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. The vulnerability stems from the failure of Advantech iView to properly filter resources or special elements in file paths

Trust: 7.92

sources: NVD: CVE-2020-16245 // JVNDB: JVNDB-2020-007819 // ZDI: ZDI-20-1084 // ZDI: ZDI-20-1086 // ZDI: ZDI-20-1085 // ZDI: ZDI-20-1088 // ZDI: ZDI-20-1090 // ZDI: ZDI-20-1087 // ZDI: ZDI-20-1089 // ZDI: ZDI-20-1092 // ZDI: ZDI-20-1091 // CNVD: CNVD-2020-49617 // VULHUB: VHN-169304

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-49617

AFFECTED PRODUCTS

vendor:	advantech	model:	iview	scope:	-	version:	-	Trust: 6.3
vendor:	advantech	model:	iview	scope:	lte	version:	5.7	Trust: 1.0
vendor:	advantech	model:	iview	scope:	eq	version:	upgrade 5.7.02	Trust: 0.8
vendor:	advantech	model:	iview	scope:	lte	version:	<=5.7	Trust: 0.6

sources: ZDI: ZDI-20-1084 // ZDI: ZDI-20-1086 // ZDI: ZDI-20-1085 // ZDI: ZDI-20-1088 // ZDI: ZDI-20-1090 // ZDI: ZDI-20-1087 // ZDI: ZDI-20-1089 // ZDI: ZDI-20-1092 // ZDI: ZDI-20-1091 // CNVD: CNVD-2020-49617 // JVNDB: JVNDB-2020-007819 // NVD: CVE-2020-16245

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-16245
value:	CRITICAL
Trust: 4.9
ZDI:	CVE-2020-16245
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2020-16245
value:	CRITICAL
Trust: 1.0
IPA:	JVNDB-2020-007819
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-49617
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-1197
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-169304
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-16245
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-49617
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-169304
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-16245
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 4.2
ZDI:	CVE-2020-16245
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2020-16245
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-007819
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-16245
baseSeverity:	CRITICAL
baseScore:	9.4
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.5
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-1084 // ZDI: ZDI-20-1086 // ZDI: ZDI-20-1085 // ZDI: ZDI-20-1088 // ZDI: ZDI-20-1090 // ZDI: ZDI-20-1087 // ZDI: ZDI-20-1089 // ZDI: ZDI-20-1092 // ZDI: ZDI-20-1091 // CNVD: CNVD-2020-49617 // VULHUB: VHN-169304 // JVNDB: JVNDB-2020-007819 // CNNVD: CNNVD-202008-1197 // NVD: CVE-2020-16245

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-169304 // JVNDB: JVNDB-2020-007819 // NVD: CVE-2020-16245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1197

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202008-1197

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007819

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01	Trust: 6.3
title:	iView Upgrade 5.7.02	url:	https://www.advantech.tw/support/details/faq?id=1-HIPU-181	Trust: 0.8
title:	Patch for Advantech iView path traversal vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/232402	Trust: 0.6
title:	Advantech iView Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126842	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2020-16245	Trust: 9.4
db:	ICS CERT	id:	ICSA-20-238-01	Trust: 2.5
db:	ZDI	id:	ZDI-20-1084	Trust: 2.4
db:	ZDI	id:	ZDI-20-1086	Trust: 2.4
db:	ZDI	id:	ZDI-20-1085	Trust: 2.4
db:	ZDI	id:	ZDI-20-1088	Trust: 2.4
db:	ZDI	id:	ZDI-20-1090	Trust: 2.4
db:	ZDI	id:	ZDI-20-1087	Trust: 2.4
db:	ZDI	id:	ZDI-20-1089	Trust: 2.4
db:	ZDI	id:	ZDI-20-1092	Trust: 2.4
db:	ZDI	id:	ZDI-20-1091	Trust: 2.4
db:	JVN	id:	JVNVU93037867	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007819	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10976	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10989	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10988	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10991	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10993	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10990	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10992	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10995	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10994	Trust: 0.7
db:	CNVD	id:	CNVD-2020-49617	Trust: 0.7
db:	CNNVD	id:	CNNVD-202008-1197	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2915	Trust: 0.6
db:	NSFOCUS	id:	48440	Trust: 0.6
db:	VULHUB	id:	VHN-169304	Trust: 0.1

sources: ZDI: ZDI-20-1084 // ZDI: ZDI-20-1086 // ZDI: ZDI-20-1085 // ZDI: ZDI-20-1088 // ZDI: ZDI-20-1090 // ZDI: ZDI-20-1087 // ZDI: ZDI-20-1089 // ZDI: ZDI-20-1092 // ZDI: ZDI-20-1091 // CNVD: CNVD-2020-49617 // VULHUB: VHN-169304 // JVNDB: JVNDB-2020-007819 // CNNVD: CNNVD-202008-1197 // NVD: CVE-2020-16245

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01	Trust: 9.4
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1084/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1085/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1086/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1087/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1088/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1089/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1090/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1091/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-1092/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16245	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16245	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93037867/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2915/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48440	Trust: 0.6

sources: ZDI: ZDI-20-1084 // ZDI: ZDI-20-1086 // ZDI: ZDI-20-1085 // ZDI: ZDI-20-1088 // ZDI: ZDI-20-1090 // ZDI: ZDI-20-1087 // ZDI: ZDI-20-1089 // ZDI: ZDI-20-1092 // ZDI: ZDI-20-1091 // CNVD: CNVD-2020-49617 // VULHUB: VHN-169304 // JVNDB: JVNDB-2020-007819 // CNNVD: CNNVD-202008-1197 // NVD: CVE-2020-16245

CREDITS

KPC

Trust: 6.3

SOURCES

db:	ZDI	id:	ZDI-20-1084
db:	ZDI	id:	ZDI-20-1086
db:	ZDI	id:	ZDI-20-1085
db:	ZDI	id:	ZDI-20-1088
db:	ZDI	id:	ZDI-20-1090
db:	ZDI	id:	ZDI-20-1087
db:	ZDI	id:	ZDI-20-1089
db:	ZDI	id:	ZDI-20-1092
db:	ZDI	id:	ZDI-20-1091
db:	CNVD	id:	CNVD-2020-49617
db:	VULHUB	id:	VHN-169304
db:	JVNDB	id:	JVNDB-2020-007819
db:	CNNVD	id:	CNNVD-202008-1197
db:	NVD	id:	CVE-2020-16245

LAST UPDATE DATE

2024-08-14T14:44:46.381000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-1084	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1086	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1085	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1088	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1090	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1087	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1089	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1092	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1091	date:	2020-08-27T00:00:00
db:	CNVD	id:	CNVD-2020-49617	date:	2020-08-31T00:00:00
db:	VULHUB	id:	VHN-169304	date:	2020-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2020-007819	date:	2020-08-27T00:00:00
db:	CNNVD	id:	CNNVD-202008-1197	date:	2020-12-31T00:00:00
db:	NVD	id:	CVE-2020-16245	date:	2020-08-31T17:30:24.297

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-1084	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1086	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1085	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1088	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1090	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1087	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1089	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1092	date:	2020-08-27T00:00:00
db:	ZDI	id:	ZDI-20-1091	date:	2020-08-27T00:00:00
db:	CNVD	id:	CNVD-2020-49617	date:	2020-08-31T00:00:00
db:	VULHUB	id:	VHN-169304	date:	2020-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-007819	date:	2020-08-27T00:00:00
db:	CNNVD	id:	CNNVD-202008-1197	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2020-16245	date:	2020-08-25T19:15:12.563