PT-2020-12986 · Advantech · Advantech Webaccess Node

Z0Mb1E · Published 2020-05-08 · Updated 2020-05-11 · CVE-2020-12018

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess Node versions 8.4.4 and prior
Advantech WebAccess Node version 9.0.0

Description

An out-of-bounds vulnerability exists that may allow access to unauthorized data. This issue affects the WebAccess/SCADA system, specifically the DrawSrv and ViewSrv components, which can be exploited through the IOCTL 0x00002722, leading to an out-of-bounds read information disclosure.

Recommendations

For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, consider disabling the DrawSrv and ViewSrv components as a temporary workaround until a patch is available. Restrict access to the IOCTL 0x00002722 to minimize the risk of exploitation.

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

CVE-2020-12018
ZDI-20-628
ZDI-20-630

Affected Products

Advantech Webaccess Node