Details of VAR-202008-0368

ID

VAR-202008-0368

CVE

CVE-2020-16207

TITLE

Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 3.5

sources: ZDI: ZDI-20-959 // ZDI: ZDI-20-955 // ZDI: ZDI-20-958 // ZDI: ZDI-20-951 // ZDI: ZDI-20-950

DESCRIPTION

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The product has functions such as data transmission, menu editing and text editing

Trust: 5.49

sources: NVD: CVE-2020-16207 // JVNDB: JVNDB-2020-007354 // ZDI: ZDI-20-959 // ZDI: ZDI-20-955 // ZDI: ZDI-20-958 // ZDI: ZDI-20-951 // ZDI: ZDI-20-950 // CNVD: CNVD-2020-49484 // VULHUB: VHN-169262 // VULMON: CVE-2020-16207

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-49484

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess/hmi designer	scope:	-	version:	-	Trust: 3.5
vendor:	advantech	model:	webaccess\/hmi designer	scope:	lte	version:	2.1.9.31	Trust: 1.0
vendor:	advantech	model:	webaccess/hmi	scope:	eq	version:	version 2.1.9.31	Trust: 0.8
vendor:	advantech	model:	webaccess hmi designer	scope:	lte	version:	<=2.1.9.31	Trust: 0.6

sources: ZDI: ZDI-20-959 // ZDI: ZDI-20-955 // ZDI: ZDI-20-958 // ZDI: ZDI-20-951 // ZDI: ZDI-20-950 // CNVD: CNVD-2020-49484 // JVNDB: JVNDB-2020-007354 // NVD: CVE-2020-16207

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-16207
value:	HIGH
Trust: 3.5
IPA:	JVNDB-2020-007354
value:	HIGH
Trust: 3.2
nvd@nist.gov:	CVE-2020-16207
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2020-007354
value:	CRITICAL
Trust: 0.8
IPA:	JVNDB-2020-007354
value:	LOW
Trust: 0.8
CNVD:	CNVD-2020-49484
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-261
value:	HIGH
Trust: 0.6
VULHUB:	VHN-169262
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-16207
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-16207
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2020-49484
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-169262
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2020-16207
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 3.5
IPA score:	JVNDB-2020-007354
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 3.2
nvd@nist.gov:	CVE-2020-16207
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-007354
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-007354
baseSeverity:	LOW
baseScore:	3.3
vectorString:	3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-20-959 // ZDI: ZDI-20-955 // ZDI: ZDI-20-958 // ZDI: ZDI-20-951 // ZDI: ZDI-20-950 // CNVD: CNVD-2020-49484 // VULHUB: VHN-169262 // VULMON: CVE-2020-16207 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-261 // NVD: CVE-2020-16207

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-122	Trust: 1.0

sources: VULHUB: VHN-169262 // NVD: CVE-2020-16207

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-261

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-261

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007354

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02	Trust: 3.5
title:	Support & Download	url:	https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-F6UG0T	Trust: 0.8
title:	Patch for Advantech WebAccess HMI Designer buffer overflow vulnerability (CNVD-2020-49484)	url:	https://www.cnvd.org.cn/patchInfo/show/231100	Trust: 0.6
title:	Advantech WebAccess HMI Designer Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125545	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2020-16207	Trust: 0.1
title:	CVE-Flow	url:	https://github.com/404notf0und/CVE-Flow	Trust: 0.1

sources: ZDI: ZDI-20-959 // ZDI: ZDI-20-955 // ZDI: ZDI-20-958 // ZDI: ZDI-20-951 // ZDI: ZDI-20-950 // CNVD: CNVD-2020-49484 // VULMON: CVE-2020-16207 // JVNDB: JVNDB-2020-007354 // CNNVD: CNNVD-202008-261

EXTERNAL IDS

db:	NVD	id:	CVE-2020-16207	Trust: 6.7
db:	ICS CERT	id:	ICSA-20-219-02	Trust: 3.2
db:	ZDI	id:	ZDI-20-959	Trust: 2.5
db:	ZDI	id:	ZDI-20-955	Trust: 2.5
db:	ZDI	id:	ZDI-20-958	Trust: 2.5
db:	ZDI	id:	ZDI-20-951	Trust: 2.5
db:	ZDI	id:	ZDI-20-950	Trust: 2.5
db:	JVN	id:	JVNVU90924965	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007354	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10122	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10136	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10133	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10188	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10121	Trust: 0.7
db:	CNVD	id:	CNVD-2020-49484	Trust: 0.7
db:	CNNVD	id:	CNNVD-202008-261	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2721	Trust: 0.6
db:	NSFOCUS	id:	49119	Trust: 0.6
db:	VULHUB	id:	VHN-169262	Trust: 0.1
db:	VULMON	id:	CVE-2020-16207	Trust: 0.1

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02	Trust: 7.3
url:	https://www.zerodayinitiative.com/advisories/zdi-20-959/	Trust: 2.4
url:	https://www.zerodayinitiative.com/advisories/zdi-20-950/	Trust: 1.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-951/	Trust: 1.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-955/	Trust: 1.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-958/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16207	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16229	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16215	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16217	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16207	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16211	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16213	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90924965/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16217	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16211	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16213	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16229	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16215	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2721/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49119	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-16207	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/404notf0und/cve-flow	Trust: 0.1

CREDITS

kimiya

Trust: 3.5

sources: ZDI: ZDI-20-959 // ZDI: ZDI-20-955 // ZDI: ZDI-20-958 // ZDI: ZDI-20-951 // ZDI: ZDI-20-950

SOURCES

db:	ZDI	id:	ZDI-20-959
db:	ZDI	id:	ZDI-20-955
db:	ZDI	id:	ZDI-20-958
db:	ZDI	id:	ZDI-20-951
db:	ZDI	id:	ZDI-20-950
db:	CNVD	id:	CNVD-2020-49484
db:	VULHUB	id:	VHN-169262
db:	VULMON	id:	CVE-2020-16207
db:	JVNDB	id:	JVNDB-2020-007354
db:	CNNVD	id:	CNNVD-202008-261
db:	NVD	id:	CVE-2020-16207

LAST UPDATE DATE

2024-11-23T21:51:24.049000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-959	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-955	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-958	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-951	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-950	date:	2020-08-10T00:00:00
db:	CNVD	id:	CNVD-2020-49484	date:	2020-08-31T00:00:00
db:	VULHUB	id:	VHN-169262	date:	2023-01-27T00:00:00
db:	VULMON	id:	CVE-2020-16207	date:	2023-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-007354	date:	2020-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202008-261	date:	2020-09-27T00:00:00
db:	NVD	id:	CVE-2020-16207	date:	2024-11-21T05:06:56.237

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-959	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-955	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-958	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-951	date:	2020-08-10T00:00:00
db:	ZDI	id:	ZDI-20-950	date:	2020-08-10T00:00:00
db:	CNVD	id:	CNVD-2020-49484	date:	2020-08-19T00:00:00
db:	VULHUB	id:	VHN-169262	date:	2020-08-06T00:00:00
db:	VULMON	id:	CVE-2020-16207	date:	2020-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-007354	date:	2020-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202008-261	date:	2020-08-06T00:00:00
db:	NVD	id:	CVE-2020-16207	date:	2020-08-06T19:15:13.550