ID

VAR-202008-1237


CVE

CVE-2020-16215


TITLE

Multiple vulnerabilities in Advantech WebAccess HMI Designer

Trust: 0.8

sources: JVNDB: JVNDB-2020-007354

DESCRIPTION

Advantech WebAccess HMI Designer, versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user-supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer is human-machine interface (HMI) development software provided by Advantech. Multiple vulnerabilities exist in WebAccess HMI Designer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwPFile.exe when invoked via IOCTL 0x2711. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. The product has functions such as data transmission, menu editing and text editing. There is a buffer overflow vulnerability in Advantech WebAccess HMI Designer 2.1.9.31 and earlier versions, which is caused by the program's failure to correctly verify the data submitted by the user.

Trust: 2.97

sources: NVD: CVE-2020-16215 // JVNDB: JVNDB-2020-007354 // ZDI: ZDI-20-953 // CNVD: CNVD-2020-49486 // VULHUB: VHN-169271 // VULMON: CVE-2020-16215

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49486

AFFECTED PRODUCTS

vendor: advantech, model: webaccess/hmi designer, scope: lte, version: 2.1.9.31

Trust: 1.0

vendor: advantech, model: webaccess/hmi, scope: eq, version: version 2.1.9.31

Trust: 0.8

vendor: advantech, model: webaccess, scope: -, version: -

Trust: 0.7

vendor: advantech, model: webaccess hmi designer, scope: lte, version: <=2.1.9.31

Trust: 0.6

sources: ZDI: ZDI-20-953 // CNVD: CNVD-2020-49486 // JVNDB: JVNDB-2020-007354 // NVD: CVE-2020-16215

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-007354
value: HIGH

Trust: 3.2

nvd@nist.gov: CVE-2020-16215
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-007354
value: CRITICAL

Trust: 0.8

IPA: JVNDB-2020-007354
value: LOW

Trust: 0.8

ZDI: CVE-2020-16215
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-49486
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-266
value: HIGH

Trust: 0.6

VULHUB: VHN-169271
value: HIGH

Trust: 0.1

VULMON: CVE-2020-16215
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-16215
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2020-49486
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-169271
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

IPA score: JVNDB-2020-007354
baseSeverity: HIGH
baseScore: 7.8
vectorString: 3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 3.2

nvd@nist.gov: CVE-2020-16215
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-007354
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-007354
baseSeverity: LOW
baseScore: 3.3
vectorString: 3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-16215
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-953 // CNVD: CNVD-2020-49486 // VULHUB: VHN-169271 // VULMON: CVE-2020-16215 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-266 // NVD: CVE-2020-16215

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 0.1

sources: VULHUB: VHN-169271 // NVD: CVE-2020-16215

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-266

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-266

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007354

PATCH

title: Support & Download
url: https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-F6UG0T

Trust: 0.8

title: Advantech has issued an update to correct this vulnerability.
url: https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02

Trust: 0.7

title: Patch for Advantech WebAccess HMI Designer buffer overflow vulnerability (CNVD-2020-49486)
url: https://www.cnvd.org.cn/patchInfo/show/231118

Trust: 0.6

title: Advantech WebAccess HMI Designer Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125964

Trust: 0.6

title: CVE-Flow
url: https://github.com/404notf0und/CVE-Flow

Trust: 0.1

sources: ZDI: ZDI-20-953 // CNVD: CNVD-2020-49486 // VULMON: CVE-2020-16215 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-266

EXTERNAL IDS

db: NVD, id: CVE-2020-16215

Trust: 3.9

db: ICS CERT, id: ICSA-20-219-02

Trust: 2.6

db: ZDI, id: ZDI-20-953

Trust: 2.5

db: JVN, id: JVNVU90924965

Trust: 0.8

db: JVNDB, id: JVNDB-2020-007354

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-10144

Trust: 0.7

db: CNVD, id: CNVD-2020-49486

Trust: 0.7

db: CNNVD, id: CNNVD-202008-266

Trust: 0.7

db: AUSCERT, id: ESB-2020.2721

Trust: 0.6

db: NSFOCUS, id: 49122

Trust: 0.6

db: VULHUB, id: VHN-169271

Trust: 0.1

db: VULMON, id: CVE-2020-16215

Trust: 0.1

sources: ZDI: ZDI-20-953 // CNVD: CNVD-2020-49486 // VULHUB: VHN-169271 // VULMON: CVE-2020-16215 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-266 // NVD: CVE-2020-16215

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02

Trust: 3.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-16215

Trust: 2.0

url:https://www.zerodayinitiative.com/advisories/zdi-20-953/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16229

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16215

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16217

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16207

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16211

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16213

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90924965/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-16217

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-16207

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-16211

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-16213

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-16229

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2721/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49122

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/404notf0und/cve-flow

Trust: 0.1

sources: ZDI: ZDI-20-953 // CNVD: CNVD-2020-49486 // VULHUB: VHN-169271 // VULMON: CVE-2020-16215 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-266 // NVD: CVE-2020-16215

CREDITS

Natnael Samson (@NattiSamson)

Trust: 0.7

sources: ZDI: ZDI-20-953

SOURCES

db: ZDI, id: ZDI-20-953
db: CNVD, id: CNVD-2020-49486
db: VULHUB, id: VHN-169271
db: VULMON, id: CVE-2020-16215
db: JVNDB, id: JVNDB-2020-007354
db: CNNVD, id: CNNVD-202008-266
db: NVD, id: CVE-2020-16215

LAST UPDATE DATE

2024-08-14T13:54:35.326000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-953, date: 2020-08-10T00:00:00
db: CNVD, id: CNVD-2020-49486, date: 2020-08-31T00:00:00
db: VULHUB, id: VHN-169271, date: 2021-11-22T00:00:00
db: VULMON, id: CVE-2020-16215, date: 2021-11-22T00:00:00
db: JVNDB, id: JVNDB-2020-007354, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202008-266, date: 2021-11-23T00:00:00
db: NVD, id: CVE-2020-16215, date: 2021-11-22T16:20:25.800

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-953, date: 2020-08-10T00:00:00
db: CNVD, id: CNVD-2020-49486, date: 2020-08-19T00:00:00
db: VULHUB, id: VHN-169271, date: 2020-08-06T00:00:00
db: VULMON, id: CVE-2020-16215, date: 2020-08-06T00:00:00
db: JVNDB, id: JVNDB-2020-007354, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202008-266, date: 2020-08-06T00:00:00
db: NVD, id: CVE-2020-16215, date: 2020-08-06T19:15:13.817