Skip to main content

Webaccess CVE-2019-10987

HIGH
Out-of-bounds Write (CWE-787)
2019-06-28 ics-cert@hq.dhs.gov
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 28, 2019 - 21:15 nvd
HIGH 8.8

DescriptionNVD

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

AnalysisAI

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Affected products include: Advantech Webaccess.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2016-0854 CRITICAL POC
9.8 Jan 15

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess

CVE-2016-0856 CRITICAL
9.8 Jan 15

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code

CVE-2014-9208 CRITICAL POC
10.0 Sep 11

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attacker

CVE-2017-14016 MEDIUM POC
6.3 Nov 06

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated medium

CVE-2016-5810 MEDIUM POC
4.9 May 02

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive

CVE-2019-3951 CRITICAL POC
9.8 Dec 12

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of

CVE-2019-3975 CRITICAL POC
9.8 Sep 10

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3954 CRITICAL POC
9.8 Jun 19

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3953 CRITICAL POC
9.8 Jun 18

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2018-6911 CRITICAL POC
9.8 Feb 13

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS

CVE-2018-15704 HIGH POC
8.8 Oct 22

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. Rated high severity (CVSS 8.

CVE-2019-3941 HIGH POC
7.5 Apr 09

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Rated

Share

CVE-2019-10987 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy