ID
VAR-202102-0020
CVE
CVE-2020-13550
TITLE
Advantech WebAccess/SCADA Traversal Vulnerability in Japan
Trust: 0.8
DESCRIPTION
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. Advantech WebAccess/SCADA Contains a path traversal vulnerability.Information may be obtained. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment. There is a path traversal vulnerability in Advantech WebAccess/SCADA, which originates from the failure of network systems or products to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories
Trust: 2.25
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess\/scada | scope: | eq | version: | 9.0.1 | Trust: 1.0 |
| vendor: | アドバンテック株式会社 | model: | webaccess/scada | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | アドバンテック株式会社 | model: | webaccess/scada | scope: | eq | version: | 9.0.1 | Trust: 0.8 |
| vendor: | advantech | model: | webaccess/scada | scope: | eq | version: | 9.0.1 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.1 |
| problemtype: | Path traversal (CWE-22) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
path traversal
Trust: 0.6
PATCH
| title: | WebAccess/SCADA | url: | https://www.advantech.com/industrial-automation/webaccess/webaccessscada | Trust: 0.8 |
| title: | Advantech WebAccess/SCADA Repair measures for path traversal vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142129 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-13550 | Trust: 3.1 |
| db: | TALOS | id: | TALOS-2020-1168 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2020-016431 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2021-11303 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202102-1262 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-166340 | Trust: 0.1 |
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2020-1168 | Trust: 3.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-13550 | Trust: 1.4 |
CREDITS
Discovered by Yuri Kramarz of Cisco Talos.
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2021-11303 |
| db: | VULHUB | id: | VHN-166340 |
| db: | JVNDB | id: | JVNDB-2020-016431 |
| db: | CNNVD | id: | CNNVD-202102-1262 |
| db: | NVD | id: | CVE-2020-13550 |
LAST UPDATE DATE
2024-08-14T13:43:38.337000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-11303 | date: | 2021-02-22T00:00:00 |
| db: | VULHUB | id: | VHN-166340 | date: | 2022-06-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-016431 | date: | 2021-12-03T03:02:00 |
| db: | CNNVD | id: | CNNVD-202102-1262 | date: | 2021-02-22T00:00:00 |
| db: | NVD | id: | CVE-2020-13550 | date: | 2022-06-29T20:30:19.780 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-11303 | date: | 2021-02-22T00:00:00 |
| db: | VULHUB | id: | VHN-166340 | date: | 2021-02-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-016431 | date: | 2021-12-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-202102-1262 | date: | 2021-02-16T00:00:00 |
| db: | NVD | id: | CVE-2020-13550 | date: | 2021-02-17T19:15:12.293 |