ID

VAR-202009-0590


CVE

CVE-2020-16202


TITLE

Improper permission assignment for critical resources vulnerability in Advantech WebAccess Node

Trust: 0.8

sources: JVNDB: JVNDB-2020-008765

DESCRIPTION

WebAccess Node (all versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. WebAccess Node is industrial software provided by Advantech. Advantech WebAccess Node is an HMI (Human Machine Interaction) platform. Advantech WebAccess Node versions before 9.0.1 have security vulnerabilities.

Trust: 2.25

sources: NVD: CVE-2020-16202 // JVNDB: JVNDB-2020-008765 // CNVD: CNVD-2020-53796 // VULHUB: VHN-169257

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-53796

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: lt, version: 9.0.1

Trust: 1.0

vendor: advantech, model: webaccess, scope: eq, version: 9.0.1

Trust: 0.8

vendor: advantech, model: webaccess node, scope: lt, version: 9.0.1

Trust: 0.6

sources: CNVD: CNVD-2020-53796 // JVNDB: JVNDB-2020-008765 // NVD: CVE-2020-16202

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16202
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-008765
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-53796
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202009-1042
value: HIGH

Trust: 0.6

VULHUB: VHN-169257
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-16202
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-53796
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-169257
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-16202
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-008765
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-53796 // VULHUB: VHN-169257 // JVNDB: JVNDB-2020-008765 // CNNVD: CNNVD-202009-1042 // NVD: CVE-2020-16202

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

sources: VULHUB: VHN-169257 // NVD: CVE-2020-16202

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1042

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-1042

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008765

PATCH

title: Support & Download, url: https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Trust: 0.8

title: Patch for Advantech WebAccess Node Critical Resource Authority Assignment Incorrect Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/235510

Trust: 0.6

title: Advantech WebAccess Node Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128363

Trust: 0.6

sources: CNVD: CNVD-2020-53796 // JVNDB: JVNDB-2020-008765 // CNNVD: CNNVD-202009-1042

EXTERNAL IDS

db: ICS CERT, id: ICSA-20-261-01

Trust: 3.1

db: NVD, id: CVE-2020-16202

Trust: 3.1

db: JVN, id: JVNVU99116422

Trust: 0.8

db: JVNDB, id: JVNDB-2020-008765

Trust: 0.8

db: CNVD, id: CNVD-2020-53796

Trust: 0.7

db: NSFOCUS, id: 49608

Trust: 0.6

db: AUSCERT, id: ESB-2020.3217

Trust: 0.6

db: CNNVD, id: CNNVD-202009-1042

Trust: 0.6

db: VULHUB, id: VHN-169257

Trust: 0.1

sources: CNVD: CNVD-2020-53796 // VULHUB: VHN-169257 // JVNDB: JVNDB-2020-008765 // CNNVD: CNNVD-202009-1042 // NVD: CVE-2020-16202

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01

Trust: 3.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16202

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99116422/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3217/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-16202

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49608

Trust: 0.6

sources: CNVD: CNVD-2020-53796 // VULHUB: VHN-169257 // JVNDB: JVNDB-2020-008765 // CNNVD: CNNVD-202009-1042 // NVD: CVE-2020-16202

SOURCES

db: CNVD, id: CNVD-2020-53796
db: VULHUB, id: VHN-169257
db: JVNDB, id: JVNDB-2020-008765
db: CNNVD, id: CNNVD-202009-1042
db: NVD, id: CVE-2020-16202

LAST UPDATE DATE

2024-08-14T15:12:10.993000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-53796, date: 2020-09-24T00:00:00
db: VULHUB, id: VHN-169257, date: 2020-09-30T00:00:00
db: JVNDB, id: JVNDB-2020-008765, date: 2020-09-24T00:00:00
db: CNNVD, id: CNNVD-202009-1042, date: 2020-10-19T00:00:00
db: NVD, id: CVE-2020-16202, date: 2020-09-30T15:26:25.340

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-53796, date: 2020-09-24T00:00:00
db: VULHUB, id: VHN-169257, date: 2020-09-22T00:00:00
db: JVNDB, id: JVNDB-2020-008765, date: 2020-09-24T00:00:00
db: CNNVD, id: CNNVD-202009-1042, date: 2020-09-17T00:00:00
db: NVD, id: CVE-2020-16202, date: 2020-09-22T15:15:14.560