Page 6 of 104 results (0.009 seconds)

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0

CVE-2019-10989 – Advantech WebAccess Node BwPAlarm Heap-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-10989

In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. En WebAccess/SCADA versiones 8.3.5 y anteriores, múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) son provocadas por la falta de una validación correcta de la longitud de los datos proporcionados. La explotación de estas vulnerabilidades podría permitir la ejecución remota de código. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-590 https://www.zerodayinitiative.com/advisories/ZDI-19-591 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0

CVE-2019-10991 – Advantech WebAccess Client bwclient Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-10991

In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. En WebAccess/SCADA, versiones 8.3.5 y anteriores, múltiples vulnerabilidades de desbordamiento de búfer basado en pila son provocadas por la falta de una validación correcta de la longitud de los datos proporcionados. La explotación de estas vulnerabilidades podrían permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-586 https://www.zerodayinitiative.com/advisories/ZDI-19-588 https://www.zerodayinitiative.com/advisories/ZDI-19-589 https://www.zerodayinitiative.com/advisories/ZDI-19-592 https://www.zerodayinitiative.com/advisories/ZDI-19-594 https://www.zerodayinitiative.com/advisories/ZDI-19-619 https://www.zerodayinitiative.com/advisories/ZDI-19-620 • CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-10985 – Advantech WebAccess Node viewsrv Arbitrary File Deletion Vulnerability

https://notcve.org/view.php?id=CVE-2019-10985

In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. En WebAccess/SCADA, versiones 8.3.5 y anteriores, una vulnerabilidad de salto de directorio es provocada por la falta de una validación correcta de una ruta suministrada por el usuario antes de utilizarla en las operaciones de archivo. Un atacante podría aprovecharse de esta vulnerabilidad para eliminar archivos mientras se hace pasar por el administrador. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-622 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1

CVE-2019-3954

https://notcve.org/view.php?id=CVE-2019-3954

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. Un desbordamiento de búfer en la región stack de la memoria en WebAccess/SCADA de Advantech versión 8.4.0, permite que un atacante remoto no autenticado ejecute código arbitrario mediante el envío de una llamada RPC IOCTL 81024 creada. • https://www.tenable.com/security/research/tra-2019-28 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1

CVE-2019-3953

https://notcve.org/view.php?id=CVE-2019-3953

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. Un desbordamiento de búfer en la región stack de la memoria en WebAccess/SCADA de Advantech versión 8.4.0, permite que un atacante remoto no autenticado, ejecute un código arbitrario mediante el envío de una llamada RPC IOCTL 10012 creada. • https://www.tenable.com/security/research/tra-2019-17 https://www.tenable.com/security/research/tra-2019-28 • CWE-787: Out-of-bounds Write •