The numerous vulnerabilities of the Webvrpcs software, a remote monitoring solution from Advantech, allow a intruder to execute arbitrary code.

🗓️ 29 Oct 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Advantech Webvrpcs vulnerabilities enable remote code execution due to unsafe input handling.

Reporter	Title	Published	Views	Family All 17
CNVD	Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32472)	2 Jul 201900:00	–	cnvd
Check Point Advisories	Advantech WebAccess Buffer Overflow (CVE-2019-10991)	4 Mar 202000:00	–	checkpoint_advisories
CVE	CVE-2019-10991	28 Jun 201920:25	–	cve
Cvelist	CVE-2019-10991	28 Jun 201920:25	–	cvelist
ICS	Advantech WebAccess/SCADA	27 Jun 201900:00	–	ics
NVD	CVE-2019-10991	28 Jun 201921:15	–	nvd
OSV	CVE-2019-10991	28 Jun 201921:15	–	osv
Prion	Heap overflow	28 Jun 201921:15	–	prion
Prion	Stack overflow	28 Jun 201921:15	–	prion
Positive Technologies	PT-2019-3565 · Advantech · Advantech Webaccess	27 Jun 201900:00	–	ptsecurity

Vulners

Node

advantech_co.,advantech_webaccessRange≤8.3.5

Source	Link
securitylab	www.securitylab.ru/news/499681.php
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-19-586/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-19-588/
us-cert	www.us-cert.gov/ics/advisories/icsa-19-178-05
web	www.web.nvd.nist.gov/view/vuln/detail

29 Oct 2019 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 27.5

CVSS 39.8

EPSS0.0898

Advantech Webvrpcs Remote code execution Input handling Fixed length buffers Remote monitoring Vulnerabilities WebAccess