VAR-202005-0336
Vulnerability from variot - Updated: 2023-12-18 12:35Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required.
Advantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess",
"scope": null,
"trust": 3.5,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "eq",
"trust": 1.9,
"vendor": "advantech",
"version": "9.0.0"
},
{
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.4.4"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.9,
"vendor": "advantech",
"version": "8.4.4"
},
{
"model": "webaccess node",
"scope": "gte",
"trust": 0.6,
"vendor": "advantech",
"version": "8.4.4"
},
{
"model": "webaccess node",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "9.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "9.0.0"
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:webaccess:9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
}
],
"trust": 3.5
},
"cve": "CVE-2020-12010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005163",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-29744",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "864d8ee3-e266-42df-be35-529416cab683",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-164646",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12010",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12010",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 3.5,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005163",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-12010",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-12010",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005163",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-29744",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-309",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164646",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-12010",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. \n\r\n\r\nAdvantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12010",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-128-01",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2020-29744",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93292753",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10173",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-448",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10174",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-449",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10170",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-447",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10176",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-450",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10175",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-446",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1646",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48338",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47706",
"trust": 0.6
},
{
"db": "IVD",
"id": "873E9346-13B7-4A0D-BDF2-DBE576B911F3",
"trust": 0.2
},
{
"db": "IVD",
"id": "864D8EE3-E266-42DF-BE35-529416CAB683",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-164646",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12010",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"id": "VAR-202005-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
}
],
"trust": 1.6389165700000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
}
]
},
"last_update_date": "2023-12-18T12:35:35.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.advantech.com/"
},
{
"title": "Patch for Advantech WebAccess Node path traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218855"
},
{
"title": "Advantech WebAccess Node Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118656"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12010"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12010"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93292753/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48338"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47706"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1646/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-07T00:00:00",
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"date": "2020-05-07T00:00:00",
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"date": "2020-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-164646"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"date": "2020-05-08T12:15:11.207000",
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"date": "2020-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"date": "2020-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"date": "2021-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-164646"
},
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"date": "2021-09-23T13:41:58.147000",
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess Node Path traversal vulnerability",
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…