var-202003-0167
Vulnerability from variot
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Advantech WebAccess Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment.
There is a buffer overflow vulnerability in Advantech WebAccess 8.4.2 and previous versions. The vulnerability stems from the program's failure to correctly verify the length of data submitted by users. Attackers can use this vulnerability to execute code
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0167", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.4.2" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "webaccess", "version": "*" }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.4.2" } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003531" } ] }, "cve": "CVE-2020-10607", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2020-10607", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003531", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2020-19926", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "d5282d3d-a398-4571-b9bc-da30828c4d30", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-163102", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-10607", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003531", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-10607", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003531", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-19926", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-1645", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163102", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Advantech WebAccess Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment. \n\r\n\r\nThere is a buffer overflow vulnerability in Advantech WebAccess 8.4.2 and previous versions. The vulnerability stems from the program\u0027s failure to correctly verify the length of data submitted by users. Attackers can use this vulnerability to execute code", "sources": [ { "db": "NVD", "id": "CVE-2020-10607" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "VULHUB", "id": "VHN-163102" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10607", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-20-086-01", "trust": 3.1 }, { "db": "CNVD", "id": "CNVD-2020-19926", "trust": 1.3 }, { "db": "CNNVD", "id": "CNNVD-202003-1645", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2020-003531", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.1084", "trust": 0.6 }, { "db": "IVD", "id": "D5282D3D-A398-4571-B9BC-DA30828C4D30", "trust": 0.2 }, { "db": "IVD", "id": "B9A6B9C9-B8DF-47A0-90C2-5D1880F27A53", "trust": 0.2 }, { "db": "IVD", "id": "FDD0B3F8-3949-42E4-A46F-0B16E2B5E110", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-163102", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "id": "VAR-202003-0167", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" } ], "trust": 1.73470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" } ] }, "last_update_date": "2024-11-23T22:29:42.341000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess buffer overflow vulnerability (CNVD-2020-19926)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/211327" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113038" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.9 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-086-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10607" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10607" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1084/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "date": "2020-03-28T00:00:00", "db": "CNVD", "id": "CNVD-2020-19926" }, { "date": "2020-03-27T00:00:00", "db": "VULHUB", "id": "VHN-163102" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "date": "2020-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "date": "2020-03-27T14:15:12.463000", "db": "NVD", "id": "CVE-2020-10607" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-29T00:00:00", "db": "CNVD", "id": "CNVD-2020-19926" }, { "date": "2020-04-01T00:00:00", "db": "VULHUB", "id": "VHN-163102" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "date": "2020-04-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "date": "2024-11-21T04:55:41.350000", "db": "NVD", "id": "CVE-2020-10607" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1645" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003531" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" } ], "trust": 1.2 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.