Multiple vulnerabilities in Advantech WebAccess/SCADA

A number of severe vulnerabilities have been identified in versions 8.3.5 and earlier of Advantech’s software SCADA platform, WebAccess/SCADA. The vulnerabilities could lead to the disclosure of important information, deletion of files, and remote code execution.

Six vulnerabilities have been identified:

• path traversal vulnerability (CVE-2019-10985), caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. This is a high severity vulnerability (CVSS v.3.0 base score of 7.5).
• multiple stack-based (CVE-2019-10991) and heap-based (CVE-2019-10989) buffer overflow vulnerabilities caused by the lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. These are critical vulnerabilities (CVSS v.3.0 base score of 9.8).
• out-of-bounds read (CVE-2019-10983) and write (CVE-2019-10987), also caused by the lack of proper validation of the length of user-supplied data. The former vulnerability could lead to the disclosure of important information, the latter to remote code execution. These vulnerabilities are medium severity (CVSS v.3.0 base score of 5.3) and high severity (CVSS v.3.0 base score of 8.8), respectively.
• multiple untrusted pointer dereference vulnerabilities (CVE-2019-10993). If exploited, these vulnerabilities could allow a remote attacker to execute arbitrary code. These are critical vulnerabilities (CVSS v.3.0 base score of 9.8).

To close the above vulnerabilities, Advantech has released version 8.4.1 of WebAccess / SCADA.

Source: ICS-CERT