var-202005-0336
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required.
Advantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess",
"scope": null,
"trust": 3.5,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "eq",
"trust": 1.9,
"vendor": "advantech",
"version": "9.0.0"
},
{
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.4.4"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.9,
"vendor": "advantech",
"version": "8.4.4"
},
{
"model": "webaccess node",
"scope": "gte",
"trust": 0.6,
"vendor": "advantech",
"version": "8.4.4"
},
{
"model": "webaccess node",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "9.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "webaccess",
"version": "9.0.0"
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:webaccess:9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
}
],
"trust": 3.5
},
"cve": "CVE-2020-12010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005163",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-29744",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "864d8ee3-e266-42df-be35-529416cab683",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-164646",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12010",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12010",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 3.5,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005163",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-12010",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-12010",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005163",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-29744",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-309",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164646",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-12010",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. \n\r\n\r\nAdvantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12010",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-128-01",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2020-29744",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93292753",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10173",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-448",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10174",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-449",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10170",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-447",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10176",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-450",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10175",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-446",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1646",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48338",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47706",
"trust": 0.6
},
{
"db": "IVD",
"id": "873E9346-13B7-4A0D-BDF2-DBE576B911F3",
"trust": 0.2
},
{
"db": "IVD",
"id": "864D8EE3-E266-42DF-BE35-529416CAB683",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-164646",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12010",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"id": "VAR-202005-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
}
],
"trust": 1.6389165700000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
}
]
},
"last_update_date": "2023-12-18T12:35:35.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.advantech.com/"
},
{
"title": "Patch for Advantech WebAccess Node path traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218855"
},
{
"title": "Advantech WebAccess Node Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118656"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12010"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12010"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93292753/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48338"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47706"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1646/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "VULHUB",
"id": "VHN-164646"
},
{
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-07T00:00:00",
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"date": "2020-05-07T00:00:00",
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"date": "2020-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-164646"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"date": "2020-05-08T12:15:11.207000",
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"date": "2020-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-448"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-449"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-447"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-450"
},
{
"date": "2020-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-446"
},
{
"date": "2020-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"date": "2021-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-164646"
},
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12010"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005163"
},
{
"date": "2021-09-23T13:41:58.147000",
"db": "NVD",
"id": "CVE-2020-12010"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess Node Path traversal vulnerability",
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNVD",
"id": "CNVD-2020-29744"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3"
},
{
"db": "IVD",
"id": "864d8ee3-e266-42df-be35-529416cab683"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-309"
}
],
"trust": 1.0
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.