CVE-2019-10989

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions 8.3.5 and prior

Description The issue is caused by a lack of proper validation of the length of user-supplied data, leading to multiple heap-based buffer overflow vulnerabilities. Exploitation of these vulnerabilities may allow remote code execution. The vulnerabilities are related to the webvrpcs process and are caused by insufficient checking of input data before it is copied into a dynamically allocated buffer of fixed length.

Recommendations For Advantech WebAccess versions 8.3.5 and prior, consider disabling the webvrpcs process as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to the affected modules to minimize the risk of remote code execution. Avoid using the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.