Preface: Cyber security experts do not recommend accessing a SCADA dashboard from an external network (the internet). As a workaround, we can establish a VPN connection first and then sign on.
Background: Advantech WebAccess/SCADA is a browser-based SCADA software package for supervisory control, data acquisition and visualization.
Vulnerability details: In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data.
CVE-2019-10989 – The specific flaw exists within the implementation of the 0x113d1 IOCTL in the webvrpcs process.
CVE-2019-10991 – The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process.
CVE-2019-10993 – The specific flaw exists within the implementation of the 0x27E9 IOCTL in the webvrpcs process.
Summary: Stack-based and heap-based buffer overflows and an untrusted pointer dereference, all leading to remote code execution, are found in this product. ioctl is a function in a device driver that manages the device's I/O channels. I/O channel management means controlling certain characteristics of the device.
Reference: A stack-based buffer overflow vulnerability exists in a call to strcpy. strcpy is a C language function. It comes from the C standard library, is defined in string.h, and copies a null-terminated memory block into another memory block.
An attacker can therefore leverage this vulnerability to execute code in the context of Administrator.
Advantech has issued an update to correct this vulnerability – https://www.us-cert.gov/ics/advisories/icsa-19-178-05
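The missing length validation described above, shown as an added example that is not Advantech's code: an unchecked strcpy into a fixed-size heap buffer beside a version that validates the user-supplied length first. The struct, function names, buffer size and sample inputs are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* constructed size of the destination heap buffer */

/* Hypothetical request record; not the product's real structure. */
struct request { char *name; };

/* Vulnerable pattern: trusts that the caller's data fits the allocation. */
int handle_unchecked(struct request *r, const char *in)
{
    r->name = malloc(NAME_MAX_LEN);
    if (r->name == NULL) return -1;
    strcpy(r->name, in);   /* no length check: writes past the block if in needs more than 64 bytes */
    return 0;
}

/* Hardened pattern: validate the declared length and the terminator before copying. */
int handle_checked(struct request *r, const char *in, size_t in_len)
{
    if (in == NULL || in_len == 0 || in_len > NAME_MAX_LEN)
        return -1;                         /* reject empty or oversized input */
    if (memchr(in, '\0', in_len) == NULL)
        return -1;                         /* reject input with no terminator inside in_len */
    r->name = malloc(NAME_MAX_LEN);
    if (r->name == NULL) return -1;
    memcpy(r->name, in, strlen(in) + 1);   /* bounded: terminator is known to lie within in_len */
    return 0;
}

int main(void)
{
    struct request r = { NULL };
    char oversized[200];                   /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("oversized: %d\n", handle_checked(&r, oversized, sizeof oversized));
    printf("valid:     %d\n", handle_checked(&r, "pump01", sizeof "pump01"));
    free(r.name);
    return 0;
}
```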
Preface:
The samurai (or bushi) were the warriors of premodern Japan. Lone Wolf and Cub is a manga created by a Japanese comics writer. Samurai respected justice.
Synopsis:
Justice is the legal or philosophical theory by which fairness is administered. It is fundamental to human nature, but the concept of justice differs in every country and culture.
Who is he?
Edward Snowden, an American contract employee at the National Security Agency, is the whistleblower behind significant revelations that surfaced in June 2013 about the US government’s top secret, extensive domestic surveillance programmes. Snowden flew to Hong Kong from Hawaii in May 2013, and supplied confidential US government documents to media outlets including the Guardian.
What’s the situation now?
He is in exile. His most recent interview was in Moscow, Russia, in September 2018. (See the URL below.)
https://www.youtube.com/watch?v=wimHE6SNddc
Why should Edward Snowden be pardoned? (See the URL below.)
https://www.amnesty.org.uk/edward-snowden-nsa-whistleblower-pardon