CVE-2019-13552 – Advantech WebAccess Node BwDlgpUp Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2019-13552
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. En WebAccess versiones 8.4.1 y anteriores, múltiples vulnerabilidades de inyección de comandos son causadas por una falta de comprobación apropiada de los datos suministrados por el usuario y pueden permitir la eliminación de archivos arbitraria y la ejecución de código remota. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwDlgpUp.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.us-cert.gov/ics/advisories/icsa-19-260-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2019-3975
https://notcve.org/view.php?id=CVE-2019-3975
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. El desbordamiento del búfer en la región stack de la memoria en Advantech WebAccess/SCADA versión 8.4.1, permite a un atacante remoto no autenticado ejecutar código arbitrario por medio de un mensaje de RPC IOCTL 70603 diseñado. • https://www.tenable.com/security/research/tra-2019-41 • CWE-787: Out-of-bounds Write •
CVE-2019-10961 – Advantech WebAccess HMI Designer MCR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10961
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. En WebAccess HMI Designer de Advantech versión 2.1.9.23 y anteriores, el procesamiento de archivos MCR especialmente diseñados que carecen de una comprobación apropiada de datos suministrados por el usuario, puede causar que el sistema escriba fuera del área de búfer prevista, permitiendo la ejecución de código remota. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MCR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • https://www.us-cert.gov/ics/advisories/icsa-19-213-01 https://www.zerodayinitiative.com/advisories/ZDI-19-691 • CWE-787: Out-of-bounds Write •
CVE-2019-10993 – Advantech WebAccess viewsrv SQLGetData Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10993
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. En WebAccess/SCADA versiones 8.3.5 y anteriores, se han identificado múltiples vulnerabilidades de desreferencia de puntero podrían permitir que un atacante remoto ejecute código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27F4 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-597 https://www.zerodayinitiative.com/advisories/ZDI-19-598 https://www.zerodayinitiative.com/advisories/ZDI-19-601 https://www.zerodayinitiative.com/advisories/ZDI-19-602 https://www.zerodayinitiative.com/advisories/ZDI-19-603 https://www.zerodayinitiative.com/advisories/ZDI-19-605 https://www.zerodayinitiative.com/advisories/ZDI-19-606 https://www.zerodayinitiative.com/advisories/ZDI-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-10987 – Advantech WebAccess Node webvrpcs viewsrv Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10987
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. En WebAccess/SCADA versiones 8.3.5 y anteriores, múltiples vulnerabilidades de escritura fuera de límites son provocadas por la falta de una validación correcta de la longitud de los datos proporcionados. La explotación de estas vulnerabilidades podría provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-584 https://www.zerodayinitiative.com/advisories/ZDI-19-587 • CWE-787: Out-of-bounds Write •