ID

VAR-202004-0077


CVE

CVE-2020-10617


TITLE

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

Trust: 9.8

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-436 // ZDI: ZDI-20-429 // ZDI: ZDI-20-424 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-434 // ZDI: ZDI-20-417 // ZDI: ZDI-20-426

DESCRIPTION

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the getDeviceOidStrT method of the DBUtil class. When parsing the deviceModel element of the jsonString parameter of the TpVtSets endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM

Trust: 11.61

sources: NVD: CVE-2020-10617 // ZDI: ZDI-20-374 // ZDI: ZDI-20-426 // ZDI: ZDI-20-417 // ZDI: ZDI-20-376 // ZDI: ZDI-20-434 // ZDI: ZDI-20-419 // ZDI: ZDI-20-399 // ZDI: ZDI-20-424 // ZDI: ZDI-20-438 // ZDI: ZDI-20-436 // ZDI: ZDI-20-432 // ZDI: ZDI-20-396 // ZDI: ZDI-20-416 // ZDI: ZDI-20-395 // ZDI: ZDI-20-439 // ZDI: ZDI-20-412 // ZDI: ZDI-20-429

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess/nmsscope: - version: -

Trust: 11.9

vendor:advantechmodel:webaccess\/nmsscope:ltversion:3.0.2

Trust: 1.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-436 // ZDI: ZDI-20-429 // ZDI: ZDI-20-424 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-434 // ZDI: ZDI-20-376 // ZDI: ZDI-20-417 // ZDI: ZDI-20-426 // NVD: CVE-2020-10617

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-10617
value: HIGH

Trust: 11.9

nvd@nist.gov: CVE-2020-10617
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202004-397
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-10617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

ZDI: CVE-2020-10617
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 11.9

nvd@nist.gov: CVE-2020-10617
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-436 // ZDI: ZDI-20-429 // ZDI: ZDI-20-424 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-434 // ZDI: ZDI-20-376 // ZDI: ZDI-20-417 // ZDI: ZDI-20-426 // CNNVD: CNNVD-202004-397 // NVD: CVE-2020-10617

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

sources: NVD: CVE-2020-10617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-397

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-397

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 11.9

title:Advantech WebAccess/NMS SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113477

Trust: 0.6

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-436 // ZDI: ZDI-20-429 // ZDI: ZDI-20-424 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-434 // ZDI: ZDI-20-376 // ZDI: ZDI-20-417 // ZDI: ZDI-20-426 // CNNVD: CNNVD-202004-397

EXTERNAL IDS

db:NVDid:CVE-2020-10617

Trust: 13.5

db:ICS CERTid:ICSA-20-098-01

Trust: 1.6

db:ZDI_CANid:ZDI-CAN-9820

Trust: 0.7

db:ZDIid:ZDI-20-438

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9567

Trust: 0.7

db:ZDIid:ZDI-20-374

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9765

Trust: 0.7

db:ZDIid:ZDI-20-412

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9821

Trust: 0.7

db:ZDIid:ZDI-20-439

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9589

Trust: 0.7

db:ZDIid:ZDI-20-395

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9776

Trust: 0.7

db:ZDIid:ZDI-20-416

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9601

Trust: 0.7

db:ZDIid:ZDI-20-396

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9814

Trust: 0.7

db:ZDIid:ZDI-20-432

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9818

Trust: 0.7

db:ZDIid:ZDI-20-436

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9810

Trust: 0.7

db:ZDIid:ZDI-20-429

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9803

Trust: 0.7

db:ZDIid:ZDI-20-424

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9613

Trust: 0.7

db:ZDIid:ZDI-20-399

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9793

Trust: 0.7

db:ZDIid:ZDI-20-419

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9816

Trust: 0.7

db:ZDIid:ZDI-20-434

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9569

Trust: 0.7

db:ZDIid:ZDI-20-376

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9777

Trust: 0.7

db:ZDIid:ZDI-20-417

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9805

Trust: 0.7

db:ZDIid:ZDI-20-426

Trust: 0.7

db:ZDIid:ZDI-20-445

Trust: 0.6

db:AUSCERTid:ESB-2020.1251

Trust: 0.6

db:NSFOCUSid:46349

Trust: 0.6

db:CNNVDid:CNNVD-202004-397

Trust: 0.6

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-436 // ZDI: ZDI-20-429 // ZDI: ZDI-20-424 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-434 // ZDI: ZDI-20-376 // ZDI: ZDI-20-417 // ZDI: ZDI-20-426 // CNNVD: CNNVD-202004-397 // NVD: CVE-2020-10617

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 13.5

url:http://www.nsfocus.net/vulndb/46349

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1251/

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-445/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-10617

Trust: 0.6

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-436 // ZDI: ZDI-20-429 // ZDI: ZDI-20-424 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-434 // ZDI: ZDI-20-376 // ZDI: ZDI-20-417 // ZDI: ZDI-20-426 // CNNVD: CNNVD-202004-397 // NVD: CVE-2020-10617

CREDITS

rgod of 9sg

Trust: 11.9

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-436 // ZDI: ZDI-20-429 // ZDI: ZDI-20-424 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-434 // ZDI: ZDI-20-376 // ZDI: ZDI-20-417 // ZDI: ZDI-20-426

SOURCES

db:ZDIid:ZDI-20-438
db:ZDIid:ZDI-20-374
db:ZDIid:ZDI-20-412
db:ZDIid:ZDI-20-439
db:ZDIid:ZDI-20-395
db:ZDIid:ZDI-20-416
db:ZDIid:ZDI-20-396
db:ZDIid:ZDI-20-432
db:ZDIid:ZDI-20-436
db:ZDIid:ZDI-20-429
db:ZDIid:ZDI-20-424
db:ZDIid:ZDI-20-399
db:ZDIid:ZDI-20-419
db:ZDIid:ZDI-20-434
db:ZDIid:ZDI-20-376
db:ZDIid:ZDI-20-417
db:ZDIid:ZDI-20-426
db:CNNVDid:CNNVD-202004-397
db:NVDid:CVE-2020-10617

LAST UPDATE DATE

2026-07-14T23:11:45.558000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-438date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-374date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-412date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-439date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-395date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-416date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-396date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-432date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-436date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-429date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-424date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-399date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-419date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-434date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-376date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-417date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-426date:2020-04-08T00:00:00
db:CNNVDid:CNNVD-202004-397date:2020-04-14T00:00:00
db:NVDid:CVE-2020-10617date:2026-06-17T02:48:06.460

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-438date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-374date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-412date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-439date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-395date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-416date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-396date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-432date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-436date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-429date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-424date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-399date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-419date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-434date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-376date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-417date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-426date:2020-04-08T00:00:00
db:CNNVDid:CNNVD-202004-397date:2020-04-07T00:00:00
db:NVDid:CVE-2020-10617date:2020-04-09T14:15:12.510