Details of VAR-202008-0380

ID

VAR-202008-0380

CVE

CVE-2020-16211

TITLE

Advantech Made WebAccess HMI Designer Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007354

DESCRIPTION

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. The product has functions such as data transmission, menu editing and text editing. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Trust: 2.88

sources: NVD: CVE-2020-16211 // JVNDB: JVNDB-2020-007354 // ZDI: ZDI-20-957 // CNVD: CNVD-2020-49485 // VULHUB: VHN-169267

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-49485

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess\/hmi designer	scope:	lte	version:	2.1.9.31	Trust: 1.0
vendor:	advantech	model:	webaccess/hmi	scope:	eq	version:	version 2.1.9.31	Trust: 0.8
vendor:	advantech	model:	webaccess/hmi designer	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess hmi designer	scope:	lte	version:	<=2.1.9.31	Trust: 0.6

sources: ZDI: ZDI-20-957 // CNVD: CNVD-2020-49485 // JVNDB: JVNDB-2020-007354 // NVD: CVE-2020-16211

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-007354
value:	HIGH
Trust: 3.2
nvd@nist.gov:	CVE-2020-16211
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2020-007354
value:	CRITICAL
Trust: 0.8
IPA:	JVNDB-2020-007354
value:	LOW
Trust: 0.8
ZDI:	CVE-2020-16211
value:	LOW
Trust: 0.7
CNVD:	CNVD-2020-49485
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-263
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169267
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-16211
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-49485
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-169267
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

IPA score:	JVNDB-2020-007354
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 3.2
nvd@nist.gov:	CVE-2020-16211
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-007354
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-007354
baseSeverity:	LOW
baseScore:	3.3
vectorString:	3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-16211
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-957 // CNVD: CNVD-2020-49485 // VULHUB: VHN-169267 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-263 // NVD: CVE-2020-16211

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.1

sources: VULHUB: VHN-169267 // NVD: CVE-2020-16211

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-263

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-263

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007354

PATCH

title:	Support & Download	url:	https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-F6UG0T	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02	Trust: 0.7
title:	Patch for Advantech WebAccess HMI Designer buffer overflow vulnerability (CNVD-2020-49485)	url:	https://www.cnvd.org.cn/patchInfo/show/231103	Trust: 0.6
title:	Advantech WebAccess HMI Designer Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125963	Trust: 0.6

sources: ZDI: ZDI-20-957 // CNVD: CNVD-2020-49485 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-263

EXTERNAL IDS

db:	NVD	id:	CVE-2020-16211	Trust: 3.8
db:	ICS CERT	id:	ICSA-20-219-02	Trust: 2.5
db:	ZDI	id:	ZDI-20-957	Trust: 2.4
db:	JVN	id:	JVNVU90924965	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007354	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10134	Trust: 0.7
db:	CNVD	id:	CNVD-2020-49485	Trust: 0.7
db:	CNNVD	id:	CNNVD-202008-263	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2721	Trust: 0.6
db:	NSFOCUS	id:	49121	Trust: 0.6
db:	VULHUB	id:	VHN-169267	Trust: 0.1

sources: ZDI: ZDI-20-957 // CNVD: CNVD-2020-49485 // VULHUB: VHN-169267 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-263 // NVD: CVE-2020-16211

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16211	Trust: 2.0
url:	https://www.zerodayinitiative.com/advisories/zdi-20-957/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16229	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16215	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16217	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16207	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16211	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16213	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90924965/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16217	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16207	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16213	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16229	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16215	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2721/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49121	Trust: 0.6

sources: ZDI: ZDI-20-957 // CNVD: CNVD-2020-49485 // VULHUB: VHN-169267 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-263 // NVD: CVE-2020-16211

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-20-957

SOURCES

db:	ZDI	id:	ZDI-20-957
db:	CNVD	id:	CNVD-2020-49485
db:	VULHUB	id:	VHN-169267
db:	JVNDB	id:	JVNDB-2020-007354
db:	CNNVD	id:	CNNVD-202008-263
db:	NVD	id:	CVE-2020-16211

LAST UPDATE DATE

2024-11-23T21:51:24.259000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-957	date:	2020-08-10T00:00:00
db:	CNVD	id:	CNVD-2020-49485	date:	2020-08-31T00:00:00
db:	VULHUB	id:	VHN-169267	date:	2022-10-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-007354	date:	2020-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202008-263	date:	2020-09-27T00:00:00
db:	NVD	id:	CVE-2020-16211	date:	2024-11-21T05:06:56.717

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-957	date:	2020-08-10T00:00:00
db:	CNVD	id:	CNVD-2020-49485	date:	2020-08-19T00:00:00
db:	VULHUB	id:	VHN-169267	date:	2020-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-007354	date:	2020-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202008-263	date:	2020-08-06T00:00:00
db:	NVD	id:	CVE-2020-16211	date:	2020-08-06T19:15:13.647