Details of VAR-201912-0995

ID

VAR-201912-0995

CVE

CVE-2019-18257

TITLE

Advantech DiagAnywhere Server Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-013299 // CNNVD: CNNVD-201912-638

DESCRIPTION

In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server. Advantech DiagAnywhere Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of FOLDER_CREATE messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Advantech DiagAnywhere Server is a set of remote monitoring software based on Windows platform from Advantech, Taiwan. This software is mainly used for remote monitoring of Advantech TPC, APAX, UNO and ADAM. Advantech DiagAnywhere Server has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 5.4

sources: NVD: CVE-2019-18257 // JVNDB: JVNDB-2019-013299 // ZDI: ZDI-19-1021 // ZDI: ZDI-19-1020 // ZDI: ZDI-19-1017 // ZDI: ZDI-19-1019 // ZDI: ZDI-19-1018 // CNVD: CNVD-2020-03191 // VULHUB: VHN-150585

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-03191

AFFECTED PRODUCTS

vendor:	advantech	model:	diaganywhere	scope:	-	version:	-	Trust: 3.5
vendor:	advantech	model:	diaganywhere	scope:	lte	version:	3.07.11	Trust: 1.0
vendor:	advantech	model:	diaganywhere server	scope:	lte	version:	3.07.11	Trust: 0.8
vendor:	advantech	model:	diaganywhere server	scope:	lte	version:	<=3.07.11	Trust: 0.6

sources: ZDI: ZDI-19-1021 // ZDI: ZDI-19-1020 // ZDI: ZDI-19-1017 // ZDI: ZDI-19-1019 // ZDI: ZDI-19-1018 // CNVD: CNVD-2020-03191 // JVNDB: JVNDB-2019-013299 // NVD: CVE-2019-18257

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-18257
value:	CRITICAL
Trust: 3.5
nvd@nist.gov:	CVE-2019-18257
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-18257
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-03191
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-638
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-150585
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-18257
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-03191
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-150585
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2019-18257
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 3.5
nvd@nist.gov:	CVE-2019-18257
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18257
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-19-1021 // ZDI: ZDI-19-1020 // ZDI: ZDI-19-1017 // ZDI: ZDI-19-1019 // ZDI: ZDI-19-1018 // CNVD: CNVD-2020-03191 // VULHUB: VHN-150585 // JVNDB: JVNDB-2019-013299 // CNNVD: CNNVD-201912-638 // NVD: CVE-2019-18257

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-150585 // JVNDB: JVNDB-2019-013299 // NVD: CVE-2019-18257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-638

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-638

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013299

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-346-01	Trust: 3.5
title:	トップページ	url:	https://www.advantech.co.jp/	Trust: 0.8
title:	Patch for Advantech DiagAnywhere Server Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/198545	Trust: 0.6
title:	Advantech DiagAnywhere Server Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105409	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18257	Trust: 6.6
db:	ICS CERT	id:	ICSA-19-346-01	Trust: 2.5
db:	ZDI	id:	ZDI-19-1021	Trust: 1.3
db:	JVNDB	id:	JVNDB-2019-013299	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9489	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9488	Trust: 0.7
db:	ZDI	id:	ZDI-19-1020	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9486	Trust: 0.7
db:	ZDI	id:	ZDI-19-1017	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9485	Trust: 0.7
db:	ZDI	id:	ZDI-19-1019	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9487	Trust: 0.7
db:	ZDI	id:	ZDI-19-1018	Trust: 0.7
db:	CNVD	id:	CNVD-2020-03191	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4660	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-638	Trust: 0.6
db:	VULHUB	id:	VHN-150585	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-346-01	Trust: 6.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18257	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18257	Trust: 0.8
url:	http://xenbits.xen.org/xsa/advisory-307.html	Trust: 0.6
url:	http://xenbits.xen.org/xsa/advisory-308.html	Trust: 0.6
url:	http://xenbits.xen.org/xsa/advisory-309.html	Trust: 0.6
url:	http://xenbits.xen.org/xsa/advisory-310.html	Trust: 0.6
url:	http://xenbits.xen.org/xsa/advisory-311.html	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-1021/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4660/	Trust: 0.6

CREDITS

Z0mb1E

Trust: 4.1

sources: ZDI: ZDI-19-1021 // ZDI: ZDI-19-1020 // ZDI: ZDI-19-1017 // ZDI: ZDI-19-1019 // ZDI: ZDI-19-1018 // CNNVD: CNNVD-201912-638

SOURCES

db:	ZDI	id:	ZDI-19-1021
db:	ZDI	id:	ZDI-19-1020
db:	ZDI	id:	ZDI-19-1017
db:	ZDI	id:	ZDI-19-1019
db:	ZDI	id:	ZDI-19-1018
db:	CNVD	id:	CNVD-2020-03191
db:	VULHUB	id:	VHN-150585
db:	JVNDB	id:	JVNDB-2019-013299
db:	CNNVD	id:	CNNVD-201912-638
db:	NVD	id:	CVE-2019-18257

LAST UPDATE DATE

2024-11-23T20:20:02.652000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-1021	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1020	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1017	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1019	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1018	date:	2019-12-13T00:00:00
db:	CNVD	id:	CNVD-2020-03191	date:	2020-01-22T00:00:00
db:	VULHUB	id:	VHN-150585	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-013299	date:	2019-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201912-638	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2019-18257	date:	2024-11-21T04:32:56.030

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-1021	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1020	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1017	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1019	date:	2019-12-13T00:00:00
db:	ZDI	id:	ZDI-19-1018	date:	2019-12-13T00:00:00
db:	CNVD	id:	CNVD-2020-03191	date:	2020-01-22T00:00:00
db:	VULHUB	id:	VHN-150585	date:	2019-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-013299	date:	2019-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201912-638	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-18257	date:	2019-12-17T23:15:14.643