PT-2020-12990 · Advantech · Advantech Webaccess Node

Z0Mb1E

Published

2020-05-08

Updated

2020-05-11

CVE-2020-12022

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0

Description An improper validation issue exists, allowing an attacker to inject specially crafted input into memory where it can be executed. This could potentially lead to remote code execution.

Recommendations For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, consider disabling any functionality related to the improper validation of array indices until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

CVE-2020-12022

ZDI-20-598

Affected Products

Advantech Webaccess Node

PT-2020-12990 · Advantech · Advantech Webaccess Node

CVE-2020-12022

Weakness Enumeration

Related Identifiers

Affected Products

References · 5