Details of VAR-202004-0077

ID

VAR-202004-0077

CVE

CVE-2020-10617

TITLE

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

Trust: 7.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-423 // ZDI: ZDI-20-403 // ZDI: ZDI-20-433 // ZDI: ZDI-20-431 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441

DESCRIPTION

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the DeviceData/Performance endpoint. When parsing the mac parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM

Trust: 11.61

sources: NVD: CVE-2020-10617 // ZDI: ZDI-20-374 // ZDI: ZDI-20-441 // ZDI: ZDI-20-401 // ZDI: ZDI-20-411 // ZDI: ZDI-20-431 // ZDI: ZDI-20-433 // ZDI: ZDI-20-403 // ZDI: ZDI-20-443 // ZDI: ZDI-20-438 // ZDI: ZDI-20-381 // ZDI: ZDI-20-393 // ZDI: ZDI-20-423 // ZDI: ZDI-20-416 // ZDI: ZDI-20-395 // ZDI: ZDI-20-439 // ZDI: ZDI-20-412 // ZDI: ZDI-20-391

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess/nms	scope:	-	version:	-	Trust: 11.9
vendor:	advantech	model:	webaccess\/nms	scope:	lt	version:	3.0.2	Trust: 1.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-423 // ZDI: ZDI-20-393 // ZDI: ZDI-20-381 // ZDI: ZDI-20-391 // ZDI: ZDI-20-443 // ZDI: ZDI-20-403 // ZDI: ZDI-20-433 // ZDI: ZDI-20-431 // ZDI: ZDI-20-411 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441 // NVD: CVE-2020-10617

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-10617
value:	HIGH
Trust: 11.9
nvd@nist.gov:	CVE-2020-10617
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202004-397
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-10617
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

ZDI:	CVE-2020-10617
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 11.9
nvd@nist.gov:	CVE-2020-10617
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2020-10617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-397

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-397

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-098-01	Trust: 11.9
title:	Advantech WebAccess/NMS SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113477	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10617	Trust: 13.5
db:	ICS CERT	id:	ICSA-20-098-01	Trust: 1.6
db:	ZDI_CAN	id:	ZDI-CAN-9820	Trust: 0.7
db:	ZDI	id:	ZDI-20-438	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9567	Trust: 0.7
db:	ZDI	id:	ZDI-20-374	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9765	Trust: 0.7
db:	ZDI	id:	ZDI-20-412	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9821	Trust: 0.7
db:	ZDI	id:	ZDI-20-439	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9589	Trust: 0.7
db:	ZDI	id:	ZDI-20-395	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9776	Trust: 0.7
db:	ZDI	id:	ZDI-20-416	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9802	Trust: 0.7
db:	ZDI	id:	ZDI-20-423	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9587	Trust: 0.7
db:	ZDI	id:	ZDI-20-393	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9574	Trust: 0.7
db:	ZDI	id:	ZDI-20-381	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9584	Trust: 0.7
db:	ZDI	id:	ZDI-20-391	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9825	Trust: 0.7
db:	ZDI	id:	ZDI-20-443	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9628	Trust: 0.7
db:	ZDI	id:	ZDI-20-403	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9815	Trust: 0.7
db:	ZDI	id:	ZDI-20-433	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9813	Trust: 0.7
db:	ZDI	id:	ZDI-20-431	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9760	Trust: 0.7
db:	ZDI	id:	ZDI-20-411	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9623	Trust: 0.7
db:	ZDI	id:	ZDI-20-401	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9823	Trust: 0.7
db:	ZDI	id:	ZDI-20-441	Trust: 0.7
db:	ZDI	id:	ZDI-20-445	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1251	Trust: 0.6
db:	NSFOCUS	id:	46349	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-397	Trust: 0.6

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-098-01	Trust: 13.5
url:	http://www.nsfocus.net/vulndb/46349	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1251/	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-445/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10617	Trust: 0.6

CREDITS

rgod of 9sg

Trust: 11.2

SOURCES

db:	ZDI	id:	ZDI-20-438
db:	ZDI	id:	ZDI-20-374
db:	ZDI	id:	ZDI-20-412
db:	ZDI	id:	ZDI-20-439
db:	ZDI	id:	ZDI-20-395
db:	ZDI	id:	ZDI-20-416
db:	ZDI	id:	ZDI-20-423
db:	ZDI	id:	ZDI-20-393
db:	ZDI	id:	ZDI-20-381
db:	ZDI	id:	ZDI-20-391
db:	ZDI	id:	ZDI-20-443
db:	ZDI	id:	ZDI-20-403
db:	ZDI	id:	ZDI-20-433
db:	ZDI	id:	ZDI-20-431
db:	ZDI	id:	ZDI-20-411
db:	ZDI	id:	ZDI-20-401
db:	ZDI	id:	ZDI-20-441
db:	CNNVD	id:	CNNVD-202004-397
db:	NVD	id:	CVE-2020-10617

LAST UPDATE DATE

2025-06-26T23:21:05.073000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-438	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-374	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-412	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-439	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-395	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-416	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-423	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-393	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-381	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-391	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-443	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-403	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-433	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-431	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-411	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-401	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-441	date:	2020-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202004-397	date:	2020-04-14T00:00:00
db:	NVD	id:	CVE-2020-10617	date:	2024-11-21T04:55:42.477

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-438	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-374	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-412	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-439	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-395	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-416	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-423	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-393	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-381	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-391	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-443	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-403	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-433	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-431	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-411	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-401	date:	2020-04-08T00:00:00
db:	ZDI	id:	ZDI-20-441	date:	2020-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202004-397	date:	2020-04-07T00:00:00
db:	NVD	id:	CVE-2020-10617	date:	2020-04-09T14:15:12.510