Vulnerability Details CVE-2020-12002
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.257
EPSS Ranking 95.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://www.us-cert.gov/ics/advisories/icsa-20-128-01
- https://www.zerodayinitiative.com/advisories/ZDI-20-590/
- https://www.zerodayinitiative.com/advisories/ZDI-20-591/
- https://www.zerodayinitiative.com/advisories/ZDI-20-592/
- https://www.zerodayinitiative.com/advisories/ZDI-20-619/
- https://www.zerodayinitiative.com/advisories/ZDI-20-622/
- https://www.zerodayinitiative.com/advisories/ZDI-20-624/
- https://www.zerodayinitiative.com/advisories/ZDI-20-625/
- https://www.zerodayinitiative.com/advisories/ZDI-20-633/
- https://www.zerodayinitiative.com/advisories/ZDI-20-634/
- https://www.us-cert.gov/ics/advisories/icsa-20-128-01
- https://www.zerodayinitiative.com/advisories/ZDI-20-590/
- https://www.zerodayinitiative.com/advisories/ZDI-20-591/
- https://www.zerodayinitiative.com/advisories/ZDI-20-592/
- https://www.zerodayinitiative.com/advisories/ZDI-20-619/
- https://www.zerodayinitiative.com/advisories/ZDI-20-622/
- https://www.zerodayinitiative.com/advisories/ZDI-20-624/
- https://www.zerodayinitiative.com/advisories/ZDI-20-625/
- https://www.zerodayinitiative.com/advisories/ZDI-20-633/
- https://www.zerodayinitiative.com/advisories/ZDI-20-634/
Products affected by CVE-2020-12002
-
cpe:2.3:a:advantech:webaccess:6.0
-
cpe:2.3:a:advantech:webaccess:6.0-2007.06.05
-
cpe:2.3:a:advantech:webaccess:6.0-2007.06.12
-
cpe:2.3:a:advantech:webaccess:6.0-2007.06.18
-
cpe:2.3:a:advantech:webaccess:6.0-2007.06.25
-
cpe:2.3:a:advantech:webaccess:6.0-2007.07.09
-
cpe:2.3:a:advantech:webaccess:6.0-2007.07.12
-
cpe:2.3:a:advantech:webaccess:6.0-2007.07.24
-
cpe:2.3:a:advantech:webaccess:6.0-2007.07.27
-
cpe:2.3:a:advantech:webaccess:6.0-2007.08.01
-
cpe:2.3:a:advantech:webaccess:6.0-2007.08.09
-
cpe:2.3:a:advantech:webaccess:6.0-2007.09.05
-
cpe:2.3:a:advantech:webaccess:6.0-2007.09.06
-
cpe:2.3:a:advantech:webaccess:6.0-2007.09.10
-
cpe:2.3:a:advantech:webaccess:6.0-2007.09.16
-
cpe:2.3:a:advantech:webaccess:6.0-2007.09.26
-
cpe:2.3:a:advantech:webaccess:6.0-2007.10.05
-
cpe:2.3:a:advantech:webaccess:6.0-2007.10.16
-
cpe:2.3:a:advantech:webaccess:6.0-2007.10.18
-
cpe:2.3:a:advantech:webaccess:6.0-2007.10.30
-
cpe:2.3:a:advantech:webaccess:6.0-2007.11.05
-
cpe:2.3:a:advantech:webaccess:6.0-2007.11.08
-
cpe:2.3:a:advantech:webaccess:6.0-2007.11.12
-
cpe:2.3:a:advantech:webaccess:6.0-2007.11.27
-
cpe:2.3:a:advantech:webaccess:6.0-2007.11.29
-
cpe:2.3:a:advantech:webaccess:6.0-2007.12.06
-
cpe:2.3:a:advantech:webaccess:6.0-2007.12.10
-
cpe:2.3:a:advantech:webaccess:6.0-2008.01.14
-
cpe:2.3:a:advantech:webaccess:6.0-2008.01.17
-
cpe:2.3:a:advantech:webaccess:6.0-2008.01.21
-
cpe:2.3:a:advantech:webaccess:6.0-2008.02.14
-
cpe:2.3:a:advantech:webaccess:6.0-2008.03.04
-
cpe:2.3:a:advantech:webaccess:6.0-2008.03.05
-
cpe:2.3:a:advantech:webaccess:6.0-2008.03.06
-
cpe:2.3:a:advantech:webaccess:6.0-2008.04.08
-
cpe:2.3:a:advantech:webaccess:6.0-2008.04.28
-
cpe:2.3:a:advantech:webaccess:6.0-2008.04.29
-
cpe:2.3:a:advantech:webaccess:6.0-2008.05.12
-
cpe:2.3:a:advantech:webaccess:6.0-2008.05.14
-
cpe:2.3:a:advantech:webaccess:6.0-2008.05.15
-
cpe:2.3:a:advantech:webaccess:6.0-2008.05.21
-
cpe:2.3:a:advantech:webaccess:6.0-2008.05.29
-
cpe:2.3:a:advantech:webaccess:6.0-2008.06.03
-
cpe:2.3:a:advantech:webaccess:6.0-2008.06.06
-
cpe:2.3:a:advantech:webaccess:6.0-2008.06.23
-
cpe:2.3:a:advantech:webaccess:6.0-2008.06.25
-
cpe:2.3:a:advantech:webaccess:6.0-2008.07.01
-
cpe:2.3:a:advantech:webaccess:6.0-2008.07.18
-
cpe:2.3:a:advantech:webaccess:6.0-2008.07.29
-
cpe:2.3:a:advantech:webaccess:6.0-2008.08.03
-
cpe:2.3:a:advantech:webaccess:6.0-2008.08.26
-
cpe:2.3:a:advantech:webaccess:6.0-2008.09.12
-
cpe:2.3:a:advantech:webaccess:6.0-2008.09.23
-
cpe:2.3:a:advantech:webaccess:6.0-2008.09.29
-
cpe:2.3:a:advantech:webaccess:6.0-2008.09.30
-
cpe:2.3:a:advantech:webaccess:6.0-2008.11.03
-
cpe:2.3:a:advantech:webaccess:6.0-2008.11.06
-
cpe:2.3:a:advantech:webaccess:6.0-2008.11.07
-
cpe:2.3:a:advantech:webaccess:6.0-2008.11.12
-
cpe:2.3:a:advantech:webaccess:6.0-2008.11.14
-
cpe:2.3:a:advantech:webaccess:6.0-2008.12.30
-
cpe:2.3:a:advantech:webaccess:6.0-2009.04.02
-
cpe:2.3:a:advantech:webaccess:6.0-2009.04.09
-
cpe:2.3:a:advantech:webaccess:6.0-2009.04.12
-
cpe:2.3:a:advantech:webaccess:6.0-2009.04.27
-
cpe:2.3:a:advantech:webaccess:6.0-2009.05.14
-
cpe:2.3:a:advantech:webaccess:6.0-2009.05.27
-
cpe:2.3:a:advantech:webaccess:6.0-2009.06.03
-
cpe:2.3:a:advantech:webaccess:6.0-2009.06.08
-
cpe:2.3:a:advantech:webaccess:6.0-2009.06.09
-
cpe:2.3:a:advantech:webaccess:6.0-2009.1.06
-
cpe:2.3:a:advantech:webaccess:6.0-2009.1.14
-
cpe:2.3:a:advantech:webaccess:6.0-2009.2.10
-
cpe:2.3:a:advantech:webaccess:6.0-2009.2.18
-
cpe:2.3:a:advantech:webaccess:6.0-2009.2.3
-
cpe:2.3:a:advantech:webaccess:6.0-2009.3.10
-
cpe:2.3:a:advantech:webaccess:6.0-2009.3.24
-
cpe:2.3:a:advantech:webaccess:6.0-2009.3.29
-
cpe:2.3:a:advantech:webaccess:6.0-2009.4.01
-
cpe:2.3:a:advantech:webaccess:7-2009.10.13
-
cpe:2.3:a:advantech:webaccess:7.0
-
cpe:2.3:a:advantech:webaccess:7.0-2009.06.29
-
cpe:2.3:a:advantech:webaccess:7.0-2009.07.21
-
cpe:2.3:a:advantech:webaccess:7.0-2009.08.03
-
cpe:2.3:a:advantech:webaccess:7.0-2009.08.13
-
cpe:2.3:a:advantech:webaccess:7.0-2009.08.14
-
cpe:2.3:a:advantech:webaccess:7.0-2009.11.16
-
cpe:2.3:a:advantech:webaccess:7.0-2010.02.24
-
cpe:2.3:a:advantech:webaccess:7.0-2010.05.10
-
cpe:2.3:a:advantech:webaccess:7.0-2010.06.08
-
cpe:2.3:a:advantech:webaccess:7.0-2010.07.02
-
cpe:2.3:a:advantech:webaccess:7.0-2010.07.16
-
cpe:2.3:a:advantech:webaccess:7.0-2010.08.10
-
cpe:2.3:a:advantech:webaccess:7.0-2010.08.17
-
cpe:2.3:a:advantech:webaccess:7.0-2010.09.02
-
cpe:2.3:a:advantech:webaccess:7.0-2010.09.30
-
cpe:2.3:a:advantech:webaccess:7.0-2010.11.10
-
cpe:2.3:a:advantech:webaccess:7.0-2011.01.11
-
cpe:2.3:a:advantech:webaccess:7.0-2011.01.26
-
cpe:2.3:a:advantech:webaccess:7.0-2011.05.23
-
cpe:2.3:a:advantech:webaccess:7.0-2011.08.27
-
cpe:2.3:a:advantech:webaccess:7.0-2011.12.20
-
cpe:2.3:a:advantech:webaccess:7.0-2012.03.02
-
cpe:2.3:a:advantech:webaccess:7.0-2012.03.08
-
cpe:2.3:a:advantech:webaccess:7.0-2012.03.18
-
cpe:2.3:a:advantech:webaccess:7.0-2012.03.29
-
cpe:2.3:a:advantech:webaccess:7.0-2012.05.21
-
cpe:2.3:a:advantech:webaccess:7.0-2012.06.02
-
cpe:2.3:a:advantech:webaccess:7.0-2012.06.29
-
cpe:2.3:a:advantech:webaccess:7.0-2012.09.12
-
cpe:2.3:a:advantech:webaccess:7.0-2012.09.13
-
cpe:2.3:a:advantech:webaccess:7.0-2012.10.31
-
cpe:2.3:a:advantech:webaccess:7.0-2012.11.29
-
cpe:2.3:a:advantech:webaccess:7.0-2012.12.05
-
cpe:2.3:a:advantech:webaccess:7.0-2012.12.10
-
cpe:2.3:a:advantech:webaccess:7.0-2013.01.02
-
cpe:2.3:a:advantech:webaccess:7.0-2013.01.08
-
cpe:2.3:a:advantech:webaccess:7.0-2013.01.17
-
cpe:2.3:a:advantech:webaccess:7.0-2013.01.21
-
cpe:2.3:a:advantech:webaccess:7.1
-
cpe:2.3:a:advantech:webaccess:7.1-2013.04.01
-
cpe:2.3:a:advantech:webaccess:7.2
-
cpe:2.3:a:advantech:webaccess:7.2-2013.07.01
-
cpe:2.3:a:advantech:webaccess:7.2-2013.07.26
-
cpe:2.3:a:advantech:webaccess:7.2-2013.08.05
-
cpe:2.3:a:advantech:webaccess:7.2-2013.08.18
-
cpe:2.3:a:advantech:webaccess:7.2-2013.08.25
-
cpe:2.3:a:advantech:webaccess:7.2-2013.09.12
-
cpe:2.3:a:advantech:webaccess:7.2-2013.09.24
-
cpe:2.3:a:advantech:webaccess:7.2-2013.09.27
-
cpe:2.3:a:advantech:webaccess:7.2-2013.10.02
-
cpe:2.3:a:advantech:webaccess:7.2-2013.10.17
-
cpe:2.3:a:advantech:webaccess:7.2-2013.10.22
-
cpe:2.3:a:advantech:webaccess:7.2-2013.10.24
-
cpe:2.3:a:advantech:webaccess:7.2-2013.10.28
-
cpe:2.3:a:advantech:webaccess:7.2-2013.10.30
-
cpe:2.3:a:advantech:webaccess:7.2-2013.11.01
-
cpe:2.3:a:advantech:webaccess:7.2-2013.11.14
-
cpe:2.3:a:advantech:webaccess:7.2-2013.12.15
-
cpe:2.3:a:advantech:webaccess:7.2-2014.01.10
-
cpe:2.3:a:advantech:webaccess:7.2-2014.01.20
-
cpe:2.3:a:advantech:webaccess:7.2-2014.01.24
-
cpe:2.3:a:advantech:webaccess:7.2-2014.02.10
-
cpe:2.3:a:advantech:webaccess:7.2_20140303
-
cpe:2.3:a:advantech:webaccess:7.2_20140606
-
cpe:2.3:a:advantech:webaccess:7.2_20140730
-
cpe:2.3:a:advantech:webaccess:8.0
-
cpe:2.3:a:advantech:webaccess:8.0-2014.10.31
-
cpe:2.3:a:advantech:webaccess:8.0_20150412
-
cpe:2.3:a:advantech:webaccess:8.0_20150816
-
cpe:2.3:a:advantech:webaccess:8.1
-
cpe:2.3:a:advantech:webaccess:8.1_20151230
-
cpe:2.3:a:advantech:webaccess:8.1_20160519
-
cpe:2.3:a:advantech:webaccess:8.2
-
cpe:2.3:a:advantech:webaccess:8.2_20161121
-
cpe:2.3:a:advantech:webaccess:8.2_20170817
-
cpe:2.3:a:advantech:webaccess:8.3.0
-
cpe:2.3:a:advantech:webaccess:8.3.1
-
cpe:2.3:a:advantech:webaccess:8.3.2
-
cpe:2.3:a:advantech:webaccess:8.3.4
-
cpe:2.3:a:advantech:webaccess:8.3.5
-
cpe:2.3:a:advantech:webaccess:8.4
-
cpe:2.3:a:advantech:webaccess:8.4.0
-
cpe:2.3:a:advantech:webaccess:8.4.1
-
cpe:2.3:a:advantech:webaccess:8.4.2
-
cpe:2.3:a:advantech:webaccess:8.4.3
-
cpe:2.3:a:advantech:webaccess:8.4.4
-
cpe:2.3:a:advantech:webaccess:9.0.0