CVE-2019-10993 – Advantech WebAccess viewsrv SQLGetData Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10993
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. En WebAccess/SCADA versiones 8.3.5 y anteriores, se han identificado múltiples vulnerabilidades de desreferencia de puntero podrían permitir que un atacante remoto ejecute código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27F4 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-597 https://www.zerodayinitiative.com/advisories/ZDI-19-598 https://www.zerodayinitiative.com/advisories/ZDI-19-601 https://www.zerodayinitiative.com/advisories/ZDI-19-602 https://www.zerodayinitiative.com/advisories/ZDI-19-603 https://www.zerodayinitiative.com/advisories/ZDI-19-605 https://www.zerodayinitiative.com/advisories/ZDI-19-606 https://www.zerodayinitiative.com/advisories/ZDI-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-10987 – Advantech WebAccess Node webvrpcs viewsrv Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10987
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. En WebAccess/SCADA versiones 8.3.5 y anteriores, múltiples vulnerabilidades de escritura fuera de límites son provocadas por la falta de una validación correcta de la longitud de los datos proporcionados. La explotación de estas vulnerabilidades podría provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-584 https://www.zerodayinitiative.com/advisories/ZDI-19-587 • CWE-787: Out-of-bounds Write •
CVE-2019-10983 – Advantech WebAccess Node viewsrv Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10983
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. En WebAccess/SCADA versiones 8.3.5 y anteriores, una vulnerabilidad de lectura fuera de límites se debe por la falta de una validación correcta de la longitud de los datos proporcionados. La explotación de esta vulnerabilidad puede permitir la divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess Node. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-621 • CWE-125: Out-of-bounds Read •
CVE-2019-10989 – Advantech WebAccess Node BwPAlarm Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10989
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. En WebAccess/SCADA versiones 8.3.5 y anteriores, múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) son provocadas por la falta de una validación correcta de la longitud de los datos proporcionados. La explotación de estas vulnerabilidades podría permitir la ejecución remota de código. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-590 https://www.zerodayinitiative.com/advisories/ZDI-19-591 • CWE-787: Out-of-bounds Write •
CVE-2019-10991 – Advantech WebAccess Client bwclient Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10991
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. En WebAccess/SCADA, versiones 8.3.5 y anteriores, múltiples vulnerabilidades de desbordamiento de búfer basado en pila son provocadas por la falta de una validación correcta de la longitud de los datos proporcionados. La explotación de estas vulnerabilidades podrían permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-586 https://www.zerodayinitiative.com/advisories/ZDI-19-588 https://www.zerodayinitiative.com/advisories/ZDI-19-589 https://www.zerodayinitiative.com/advisories/ZDI-19-592 https://www.zerodayinitiative.com/advisories/ZDI-19-594 https://www.zerodayinitiative.com/advisories/ZDI-19-619 https://www.zerodayinitiative.com/advisories/ZDI-19-620 • CWE-787: Out-of-bounds Write •