Advantech WebAccess/SCADA is prone to the following security vulnerabilities:
1. A directory-traversal vulnerability
2. Multiple stack-based buffer-overflow vulnerabilities
3. Multiple heap-based buffer-overflow vulnerabilities
4. An information disclosure vulnerability
5. Multiple remote-code execution vulnerabilities
An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences ('../') to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks.
Advantech WebAccess/SCADA versions 8.3.5 and prior are vulnerable.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: 108923
Class: Unknown
CVE: CVE-2019-10985, CVE-2019-10991, CVE-2019-10989, CVE-2019-10983, CVE-2019-10987, CVE-2019-10993
Remote: Yes
Local: No
Published: Jun 27 2019 12:00AM
Updated: Jun 27 2019 12:00AM
Credit: Mat Powell, Natnael Samson and EljahLG working with Trend Micro's Zero Day Initiative.
Vulnerable: Advantech WebAccess/SCADA 8.3.5, 8.3.4, 8.3.2, 8.3, 8.1, 8.0, 7.2
Not Vulnerable: Advantech WebAccess/SCADA 8.4.1
from SecurityFocus Vulnerabilities https://ift.tt/2REguyn