Details of VAR-202008-0381

ID

VAR-202008-0381

CVE

CVE-2020-16213

TITLE

Advantech Made WebAccess HMI Designer Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007354

DESCRIPTION

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The product has functions such as data transmission, menu editing and text editing. There is a buffer overflow vulnerability in Advantech WebAccess HMI Designer 2.1.9.31 and earlier versions, which is caused by the program's failure to correctly verify the data submitted by the user

Trust: 2.88

sources: NVD: CVE-2020-16213 // JVNDB: JVNDB-2020-007354 // ZDI: ZDI-20-956 // CNVD: CNVD-2020-49487 // VULHUB: VHN-169269

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-49487

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess\/hmi designer	scope:	lte	version:	2.1.9.31	Trust: 1.0
vendor:	advantech	model:	webaccess/hmi	scope:	eq	version:	version 2.1.9.31	Trust: 0.8
vendor:	advantech	model:	webaccess/hmi designer	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess hmi designer	scope:	lte	version:	<=2.1.9.31	Trust: 0.6

sources: ZDI: ZDI-20-956 // CNVD: CNVD-2020-49487 // JVNDB: JVNDB-2020-007354 // NVD: CVE-2020-16213

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-007354
value:	HIGH
Trust: 3.2
nvd@nist.gov:	CVE-2020-16213
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2020-007354
value:	CRITICAL
Trust: 0.8
IPA:	JVNDB-2020-007354
value:	LOW
Trust: 0.8
ZDI:	CVE-2020-16213
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-49487
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-265
value:	HIGH
Trust: 0.6
VULHUB:	VHN-169269
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-16213
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-49487
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-169269
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

IPA score:	JVNDB-2020-007354
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 3.2
nvd@nist.gov:	CVE-2020-16213
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-007354
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-007354
baseSeverity:	LOW
baseScore:	3.3
vectorString:	3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-16213
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-956 // CNVD: CNVD-2020-49487 // VULHUB: VHN-169269 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-265 // NVD: CVE-2020-16213

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-169269 // NVD: CVE-2020-16213

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-265

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007354

PATCH

title:	Support & Download	url:	https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-F6UG0T	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02	Trust: 0.7
title:	Patch for Advantech WebAccess HMI Designer buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/231109	Trust: 0.6

sources: ZDI: ZDI-20-956 // CNVD: CNVD-2020-49487 // JVNDB: JVNDB-2020-007354

EXTERNAL IDS

db:	NVD	id:	CVE-2020-16213	Trust: 3.8
db:	ICS CERT	id:	ICSA-20-219-02	Trust: 2.5
db:	ZDI	id:	ZDI-20-956	Trust: 2.4
db:	JVN	id:	JVNVU90924965	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007354	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10135	Trust: 0.7
db:	CNVD	id:	CNVD-2020-49487	Trust: 0.7
db:	CNNVD	id:	CNNVD-202008-265	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2721	Trust: 0.6
db:	NSFOCUS	id:	49118	Trust: 0.6
db:	VULHUB	id:	VHN-169269	Trust: 0.1

sources: ZDI: ZDI-20-956 // CNVD: CNVD-2020-49487 // VULHUB: VHN-169269 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-265 // NVD: CVE-2020-16213

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16213	Trust: 2.0
url:	https://www.zerodayinitiative.com/advisories/zdi-20-956/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16229	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16215	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16217	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16207	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16211	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16213	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90924965/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16217	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16207	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16211	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16229	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16215	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2721/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49118	Trust: 0.6

sources: ZDI: ZDI-20-956 // CNVD: CNVD-2020-49487 // VULHUB: VHN-169269 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-265 // NVD: CVE-2020-16213

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-20-956

SOURCES

db:	ZDI	id:	ZDI-20-956
db:	CNVD	id:	CNVD-2020-49487
db:	VULHUB	id:	VHN-169269
db:	JVNDB	id:	JVNDB-2020-007354
db:	CNNVD	id:	CNNVD-202008-265
db:	NVD	id:	CVE-2020-16213

LAST UPDATE DATE

2024-11-23T21:51:24.224000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-956	date:	2020-08-10T00:00:00
db:	CNVD	id:	CNVD-2020-49487	date:	2020-08-31T00:00:00
db:	VULHUB	id:	VHN-169269	date:	2022-10-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-007354	date:	2020-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202008-265	date:	2020-09-27T00:00:00
db:	NVD	id:	CVE-2020-16213	date:	2024-11-21T05:06:56.963

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-956	date:	2020-08-10T00:00:00
db:	CNVD	id:	CNVD-2020-49487	date:	2020-08-19T00:00:00
db:	VULHUB	id:	VHN-169269	date:	2020-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-007354	date:	2020-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202008-265	date:	2020-08-06T00:00:00
db:	NVD	id:	CVE-2020-16213	date:	2020-08-06T19:15:13.737