Login Sign Up

CVE-2020-10599

9.8 CRITICAL
Remote Code Execution Denial of Service Buffer Overflow

📋 TL;DR

This vulnerability in VISAM VBASE Editor and Web-Remote Module allows attackers to exploit a vulnerable ActiveX component via buffer overflow. Successful exploitation could lead to denial-of-service or arbitrary code execution. Organizations using VBASE version 11.5.0.2 for industrial control systems are affected.

💻 Affected Systems

Products:
  • VISAM VBASE Editor
  • VBASE Web-Remote Module
Versions: 11.5.0.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Industrial control systems using VBASE for automation and monitoring are particularly at risk.

📦 What is this software?

Vbase Editor by Visam

View all CVEs affecting Vbase Editor →

Vbase Web Remote by Visam

View all CVEs affecting Vbase Web Remote →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing remote code execution with SYSTEM privileges, potentially enabling attackers to manipulate industrial processes or exfiltrate sensitive data.

🟠

Likely Case

Denial-of-service affecting VBASE functionality, disrupting industrial operations and requiring system restoration.

🟢

If Mitigated

Limited impact with proper network segmentation and security controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - Web-Remote Module component could be directly accessible from internet, making exploitation trivial.
🏢 Internal Only: HIGH - Even internally, vulnerable systems could be exploited via phishing or compromised internal hosts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow vulnerabilities in ActiveX components are typically easy to exploit once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.5.0.3 or later

Vendor Advisory: https://www.us-cert.gov/ics/advisories/icsa-20-084-01

Restart Required: Yes

Instructions:

1. Download VBASE version 11.5.0.3 or later from VISAM. 2. Backup current configuration. 3. Install the update following vendor instructions. 4. Restart affected systems. 5. Verify functionality.

🔧 Temporary Workarounds

Disable ActiveX in Internet Explorer

windows

Prevents exploitation by disabling the vulnerable ActiveX component

Open Internet Options > Security tab > Custom Level > Set 'Initialize and script ActiveX controls not marked as safe' to Disable

Network segmentation

all

Isolate VBASE systems from untrusted networks

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate VBASE systems
  • Deploy application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check VBASE version in Help > About menu. If version is 11.5.0.2, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version shows 11.5.0.3 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in VBASE
  • Unusual network connections to VBASE Web-Remote port

Network Indicators:

  • Traffic patterns indicating buffer overflow attempts to VBASE services

SIEM Query:

source="vbase" AND (event_type="crash" OR event_type="exception")

📊 Metadata

CVE ID: CVE-2020-10599
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: April 3, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-10599, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)