What is CVE-2020-10638?

CVE-2020-10638 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA.

Is authentication required to exploit CVE-2020-10638?

No, authentication is not required to exploit this vulnerability.

How severe is CVE-2020-10638?

CVE-2020-10638 has a severity rating of 9.8, which is considered critical.

What software is affected by CVE-2020-10638?

CVE-2020-10638 affects installations of Advantech WebAccess/SCADA versions up to and including 8.4.4, as well as version 9.0.0.

How can CVE-2020-10638 be mitigated?

At the moment, there is no official patch available. However, it is recommended to follow the recommendations provided by the vendor and monitor the vendor's website for any updates or patches.

Vulnerability/
CVE-2020-10638

critical

9.8

CWE

787 122 119 190

8/5/2020

4/8/2024

CVE-2020-10638: Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791c Heap-based Buffer Overflow Remote Code Execution Vulnerability

First published: Fri May 08 2020(Updated: )

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Advantech WebAccess	<=8.4.4
Advantech WebAccess	=9.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-10638?
CVE-2020-10638 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA.
Is authentication required to exploit CVE-2020-10638?
No, authentication is not required to exploit this vulnerability.
How severe is CVE-2020-10638?
CVE-2020-10638 has a severity rating of 9.8, which is considered critical.
What software is affected by CVE-2020-10638?
CVE-2020-10638 affects installations of Advantech WebAccess/SCADA versions up to and including 8.4.4, as well as version 9.0.0.
How can CVE-2020-10638 be mitigated?
At the moment, there is no official patch available. However, it is recommended to follow the recommendations provided by the vendor and monitor the vendor's website for any updates or patches.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/title
agent/author
agent/last-modified-date
agent/weakness
agent/tags
collector/zdi-advisory
source/ZDI
alias/ZDI-20-616
alias/ZDI-CAN-9889
alias/CVE-2020-10638
agent/software-canonical-lookup
agent/softwarecombine
alias/ZDI-20-599
alias/ZDI-CAN-9994
alias/ZDI-20-603
alias/ZDI-CAN-9897
alias/ZDI-20-600
alias/ZDI-CAN-9997
alias/ZDI-20-621
alias/ZDI-CAN-10085
agent/description
agent/event
alias/ZDI-20-593
alias/ZDI-CAN-9902
agent/first-publish-date
vendor/advantech
canonical/advantech webaccess
version/advantech webaccess/8.4.4
version/advantech webaccess/9.0.0
canonical/advantech webaccess/scada

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.