PT-2020-12975 · Advantech · Advantech Webaccess Node

Z0Mb1E

Published

2020-05-08

Updated

2021-09-23

CVE-2020-12002

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0

Description Multiple stack-based buffer overflow vulnerabilities exist due to a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

Recommendations For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, update to a version later than 9.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the affected system until a patch is available.

Fix

RCE

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

CVE-2020-12002

ZDI-20-590

ZDI-20-591

ZDI-20-592

ZDI-20-619

ZDI-20-622

ZDI-20-624

ZDI-20-625

ZDI-20-633

ZDI-20-634

Affected Products

Advantech Webaccess Node

PT-2020-12975 · Advantech · Advantech Webaccess Node

CVE-2020-12002

Weakness Enumeration

Related Identifiers

Affected Products

References · 14