Main Vulnerability Database SB2019040914

SB2019040914 - Multiple vulnerabilities in Advantech WebAccess/SCADA

Published: April 9, 2019 Updated: September 19, 2019

Security Bulletin ID SB2019040914

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Arbitrary file upload (CVE-ID: CVE-2019-3940)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the "webvrpcs.exe" accepts unauthenticated RPC calls to perform remote file operations including fopen, fseek, ftell, fread, fwrite and fclose. A remote attacker can send a specially crafted RPC call to the application, upload and execute arbitrary file on the system.

2) Improper access control (CVE-ID: CVE-2019-3941)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the "webvrpcs.exe" accepts unauthenticated RPC calls to perform remote file operations including fopen, fseek, ftell, fread, fwrite, and fclose. A remote attacker can send a specially crafted IOCTL 10005 RPC call to the application, bypass implemented security restrictions and download arbitrary files from the remote host.

Remediation

Install update from vendor's website.

References

https://www.tenable.com/security/research/tra-2019-15