PT-2019-3565 · Advantech · Advantech WebAccess

Mat Powell · Published 2019-06-27 · Updated 2023-03-02 · CVE-2019-10991

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess versions 8.3.5 and prior

Description

The webvrpcs process of Advantech WebAccess contains multiple stack-based buffer overflow vulnerabilities. They are caused by a lack of proper validation of the length of user-supplied data before it is copied into a fixed-length buffer. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code.

Recommendations

For versions 8.3.5 and prior, update to a version that includes the necessary security patches to fix the stack-based buffer overflow vulnerabilities. As a temporary workaround, consider restricting access to the webvrpcs process and related components, such as bwclient, BwPAlarm, bwscrp, bwmail, bwwebv, and viewsrv, to minimize the risk of exploitation.

Fix

RCE

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2019-03766
CVE-2019-10991
ZDI-19-586
ZDI-19-588
ZDI-19-589
ZDI-19-592
ZDI-19-594
ZDI-19-619
ZDI-19-620

Affected Products

Advantech WebAccess