cvelistv5 - cve-2020-12010

▼	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-20-128-01	Third Party Advisory, US Government Resource

▼	Vendor	Product
	n/a	Advantech WebAccess Node

ghsa-chvw-pr2x-vpmr

Vulnerability from github

Published

2022-05-24 22:28

Modified

2022-05-24 22:28

Details

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-08T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control.",
  "id": "GHSA-chvw-pr2x-vpmr",
  "modified": "2022-05-24T22:28:32Z",
  "published": "2022-05-24T22:28:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12010"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-12010

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

Aliases

CVE-2020-12010

Aliases

CVE-2020-12010

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-12010",
    "description": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control.",
    "id": "GSD-2020-12010"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-12010"
      ],
      "details": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control.",
      "id": "GSD-2020-12010",
      "modified": "2023-12-13T01:21:48.924005Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2020-12010",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Advantech WebAccess Node",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "RELATIVE PATH TRAVERSAL CWE-23"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.4.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:advantech:webaccess:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12010"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2021-09-23T13:41Z",
      "publishedDate": "2020-05-08T12:15Z"
    }
  }
}

var-202005-0336

Vulnerability from variot

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required.

Advantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0336",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": null,
        "trust": 3.5,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "advantech",
        "version": "9.0.0"
      },
      {
        "model": "webaccess",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "8.4.4"
      },
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "advantech",
        "version": "8.4.4"
      },
      {
        "model": "webaccess node",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "8.4.4"
      },
      {
        "model": "webaccess node",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "9.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "webaccess",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "webaccess",
        "version": "9.0.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:advantech:webaccess",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Natnael Samson (@NattiSamson)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-446"
      }
    ],
    "trust": 3.5
  },
  "cve": "CVE-2020-12010",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-12010",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005163",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-29744",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "864d8ee3-e266-42df-be35-529416cab683",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-164646",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-12010",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 3.5,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-12010",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.1,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005163",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2020-12010",
            "trust": 3.5,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-12010",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-005163",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-29744",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-309",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "864d8ee3-e266-42df-be35-529416cab683",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-164646",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-12010",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. \n\r\n\r\nAdvantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12010"
      }
    ],
    "trust": 5.85
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12010",
        "trust": 7.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-128-01",
        "trust": 3.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU93292753",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10173",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-448",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10174",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-449",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10170",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-447",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10176",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-450",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10175",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-446",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1646",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48338",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47706",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "873E9346-13B7-4A0D-BDF2-DBE576B911F3",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "864D8EE3-E266-42DF-BE35-529416CAB683",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-164646",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12010",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "id": "VAR-202005-0336",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164646"
      }
    ],
    "trust": 1.63993413
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:24:34.441000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.advantech.com/"
      },
      {
        "title": "Patch for Advantech WebAccess Node path traversal vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/218855"
      },
      {
        "title": "Advantech WebAccess Node Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118656"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-23",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12010"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12010"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93292753/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48338"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47706"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-07T00:00:00",
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "date": "2020-05-07T00:00:00",
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-446"
      },
      {
        "date": "2020-05-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "date": "2020-05-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "date": "2020-05-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12010"
      },
      {
        "date": "2020-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "date": "2020-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      },
      {
        "date": "2020-05-08T12:15:11.207000",
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-448"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-449"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-447"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-450"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-446"
      },
      {
        "date": "2020-05-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "date": "2021-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164646"
      },
      {
        "date": "2020-05-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12010"
      },
      {
        "date": "2020-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005163"
      },
      {
        "date": "2020-09-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      },
      {
        "date": "2021-09-23T13:41:58.147000",
        "db": "NVD",
        "id": "CVE-2020-12010"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech WebAccess Node Path traversal vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-29744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
      },
      {
        "db": "IVD",
        "id": "864d8ee3-e266-42df-be35-529416cab683"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-309"
      }
    ],
    "trust": 1.0
  }
}

Action not permitted

cve-2020-12010

Vulnerability from cvelistv5

ghsa-chvw-pr2x-vpmr

Vulnerability from github

gsd-2020-12010

Vulnerability from gsd

var-202005-0336

Vulnerability from variot

Tags