Multiple vulnerabilities in Advantech WebAccess/SCADA



Published: 2019-07-04 | Updated: 2019-09-19
Risk: High
Patch available: YES
Number of vulnerabilities: 32
CVE-ID: CVE-2019-10991, CVE-2019-10989, CVE-2019-10987, CVE-2019-10993, CVE-2019-10985, CVE-2019-10983, CVE-2019-3953, CVE-2019-3954
CWE-ID: CWE-121, CWE-122, CWE-787, CWE-822, CWE-22, CWE-125
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #31 is available. Public exploit code for vulnerability #32 is available.
Vulnerable software: WebAccess/SCADA (Server applications / SCADA systems)
Vendor: Advantech Co., Ltd

Security Bulletin

This security bulletin contains information about 32 vulnerabilities.

Update 19.09.2019
Added vulnerabilities #31,32

1) Stack-based buffer overflow

EUVDB-ID: #VU18975

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10991

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within the 0x113cd IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-588/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU18976

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10991

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within the 0x1138a IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-589/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU18977

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10991

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within bwwebv.exe accessible through the 0x2711 IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-592/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU18978

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10991

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within bwwebv.exe accessible through the 0x2711 IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-594/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU18979

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10991

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within bwmail.exe accessible through the 0x2711 IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-619/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU18980

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10991

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within bwclient.exe accessible through the 0x2711 IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-620/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU18982

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10989

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within the 0x113d1 IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-591/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU18985

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10987

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within the 0x2723 IOCTL. A remote attacker can send a specially crafted file to the affected application, trigger an out-of-bounds write error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-587/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Untrusted Pointer Dereference

EUVDB-ID: #VU18987

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27E5 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-598/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Untrusted Pointer Dereference

EUVDB-ID: #VU18988

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27DA IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-601/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Untrusted Pointer Dereference

EUVDB-ID: #VU18989

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27E7 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-602/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Untrusted Pointer Dereference

EUVDB-ID: #VU18990

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x277D IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-603/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Untrusted Pointer Dereference

EUVDB-ID: #VU18991

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27DC IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-605/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Untrusted Pointer Dereference

EUVDB-ID: #VU18992

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x277F IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-606/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Untrusted Pointer Dereference

EUVDB-ID: #VU18993

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x277B IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-607/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Untrusted Pointer Dereference

EUVDB-ID: #VU18994

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27E4 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-611/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Untrusted Pointer Dereference

EUVDB-ID: #VU18995

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27EC IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-612/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Untrusted Pointer Dereference

EUVDB-ID: #VU18996

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x2776 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-613/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Untrusted Pointer Dereference

EUVDB-ID: #VU18997

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27DD IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-614/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Untrusted Pointer Dereference

EUVDB-ID: #VU18998

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27D9 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-615/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Untrusted Pointer Dereference

EUVDB-ID: #VU18999

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27DB IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-616/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Untrusted Pointer Dereference

EUVDB-ID: #VU19000

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x2780 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-617/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Untrusted Pointer Dereference

EUVDB-ID: #VU19001

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27E6 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-618/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Untrusted Pointer Dereference

EUVDB-ID: #VU19002

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27F4 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-623/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Path traversal

EUVDB-ID: #VU18973

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10985

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to a lack of proper validation of a user-supplied path prior to its use in file operations when processing data passed to the webvrpcs process, within the 0x2715 IOCTL. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system while posing as an administrator.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-622/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Stack-based buffer overflow

EUVDB-ID: #VU18974

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10991

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within the 0x271C IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-586/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Heap-based buffer overflow

EUVDB-ID: #VU18981

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10989

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within the 0x11372 IOCTL. A remote unauthenticated attacker can send a specially crafted request to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-590/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU18983

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10983

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within viewsrv.dll accessible through the 0x2722 IOCTL. A remote attacker can send a specially crafted file to the affected application, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-621/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds write

EUVDB-ID: #VU18984

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10987

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data passed to the webvrpcs process, within bwdraw.exe accessible through the 0x2711 IOCTL. A remote attacker can send a specially crafted file to the affected application, trigger an out-of-bounds write error and execute arbitrary code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-584/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Untrusted Pointer Dereference

EUVDB-ID: #VU18986

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10993

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an untrusted pointer dereference when processing data passed to the webvrpcs process, within the 0x27E9 IOCTL. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 7.2 - 8.3.5

External links

http://www.us-cert.gov/ics/advisories/icsa-19-178-05
http://www.zerodayinitiative.com/advisories/ZDI-19-597/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Stack-based buffer overflow

EUVDB-ID: #VU21205

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-3953

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in "viewsrv.dll" due to a boundary error when processing an IOCTL 10012 RPC call. A remote unauthenticated attacker can send a specially crafted IOCTL 10012 RPC message to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 8.4

External links

http://www.tenable.com/security/research/tra-2019-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

32) Stack-based buffer overflow

EUVDB-ID: #VU21204

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-3954

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the "VdBroadWinGetLocalDataLogEx()" function in "viewdll1.dll" due to a boundary error when processing an IOCTL 81024 RPC message. A remote unauthenticated attacker can send a specially crafted IOCTL 81024 RPC message to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

WebAccess/SCADA: 8.4

External links

http://www.tenable.com/security/research/tra-2019-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


