// For flags

CVE-2019-10993

Advantech WebAccess viewsrv SQLGetData Untrusted Pointer Dereference Remote Code Execution Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.

En WebAccess/SCADA versiones 8.3.5 y anteriores, se han identificado múltiples vulnerabilidades de desreferencia de puntero podrían permitir que un atacante remoto ejecute código arbitrario.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the 0x27F4 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator.

*Credits: GDPR
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-04-08 CVE Reserved
  • 2019-06-28 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-11-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (18)
URL Tag Source
https://www.us-cert.gov/ics/advisories/icsa-19-178-05 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-597 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-598 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-601 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-602 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-603 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-605 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-606 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-607 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-611 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-612 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-613 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-614 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-615 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-616 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-617 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-618 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-623 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Advantech
Search vendor "Advantech"
 Webaccess
Search vendor "Advantech" for product "Webaccess"
 <= 8.3.5
Search vendor "Advantech" for product "Webaccess" and version " <= 8.3.5"
-
Affected