What is CVE-2019-10993?

CVE-2019-10993 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node.

Is authentication required to exploit CVE-2019-10993?

No, authentication is not required to exploit this vulnerability.

What is the severity of CVE-2019-10993?

The severity of CVE-2019-10993 is critical with a CVSS score of 9.8.

How does CVE-2019-10993 work?

CVE-2019-10993 is a result of an untrusted pointer dereference in the implementation of the 0x27DC IOCTL in the webvrpcs process of Advantech WebAccess Node.

How can I fix CVE-2019-10993?

It is recommended to update to a version of Advantech WebAccess Node that is not affected by this vulnerability.

Vulnerability/
CVE-2019-10993

critical

9.8

CWE

119

28/6/2019

4/8/2024

CVE-2019-10993: Advantech WebAccess Node viewsrv SQLParamData Untrusted Pointer Dereference Remote Code Execution Vulnerability

First published: Fri Jun 28 2019(Updated: )

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Advantech WebAccess	<=8.3.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-10993?
CVE-2019-10993 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node.
Is authentication required to exploit CVE-2019-10993?
No, authentication is not required to exploit this vulnerability.
What is the severity of CVE-2019-10993?
The severity of CVE-2019-10993 is critical with a CVSS score of 9.8.
How does CVE-2019-10993 work?
CVE-2019-10993 is a result of an untrusted pointer dereference in the implementation of the 0x27DC IOCTL in the webvrpcs process of Advantech WebAccess Node.
How can I fix CVE-2019-10993?
It is recommended to update to a version of Advantech WebAccess Node that is not affected by this vulnerability.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/references
agent/first-publish-date
agent/description
agent/title
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-19-601
alias/ZDI-CAN-8133
alias/CVE-2019-10993
agent/software-canonical-lookup
alias/ZDI-19-612
alias/ZDI-CAN-8145
alias/ZDI-19-618
alias/ZDI-CAN-8152
alias/ZDI-19-616
alias/ZDI-CAN-8150
alias/ZDI-19-607
alias/ZDI-CAN-8140
alias/ZDI-19-603
alias/ZDI-CAN-8136
alias/ZDI-19-598
alias/ZDI-CAN-8128
alias/ZDI-19-615
alias/ZDI-CAN-8148
alias/ZDI-19-605
alias/ZDI-CAN-8138
alias/ZDI-19-613
alias/ZDI-CAN-8146
alias/ZDI-19-617
alias/ZDI-CAN-8151
alias/ZDI-19-602
alias/ZDI-CAN-8135
alias/ZDI-19-606
alias/ZDI-CAN-8139
alias/ZDI-19-623
alias/ZDI-CAN-8119
alias/ZDI-19-597
alias/ZDI-CAN-8127
alias/ZDI-19-611
alias/ZDI-CAN-8144
alias/ZDI-19-614
alias/ZDI-CAN-8147
vendor/advantech
canonical/advantech webaccess
version/advantech webaccess/8.3.5