PT-2020-12262 · Advantech · Advantech Webaccess Node

Z0Mb1E

Published

2020-05-08

Updated

2021-12-17

CVE-2020-10638

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess Node versions 8.4.4 and prior, Version 9.0.0

Description The issue is caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution due to multiple heap-based buffer overflow vulnerabilities.

Recommendations For Advantech WebAccess Node versions 8.4.4 and prior, Version 9.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

CVE-2020-10638

ZDI-20-593

ZDI-20-594

ZDI-20-596

ZDI-20-597

ZDI-20-599

ZDI-20-600

ZDI-20-601

ZDI-20-602

ZDI-20-603

ZDI-20-604

ZDI-20-616

ZDI-20-617

ZDI-20-618

ZDI-20-620

ZDI-20-621

ZDI-20-623

ZDI-20-631

ZDI-20-635

Affected Products

Advantech Webaccess Node

PT-2020-12262 · Advantech · Advantech Webaccess Node

CVE-2020-10638

Weakness Enumeration

Related Identifiers

Affected Products

References · 22