CVE-2020-12018 – An out-of-bounds read vulnerability in Advantec... (How to Fix)

Q: What is the severity of CVE-2020-12018?

CVE-2020-12018 has a CVSS score of 7.5 (HIGH). An out-of-bounds read vulnerability in Advantech WebAccess Node allows attackers to read unauthorized data from memory. This affects industrial control systems using WebAccess Node versions 8.4.4 and prior, and version 9.0.0. The vulnerability could expose sensitive information or facilitate further attacks.

📋 TL;DR

An out-of-bounds read vulnerability in Advantech WebAccess Node allows attackers to read unauthorized data from memory. This affects industrial control systems using WebAccess Node versions 8.4.4 and prior, and version 9.0.0. The vulnerability could expose sensitive information or facilitate further attacks.

💻 Affected Systems

Products:

Advantech WebAccess Node

Versions: 8.4.4 and prior, 9.0.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: WebAccess Node is SCADA/HMI software used in industrial control systems across various sectors.

📦 What is this software?

Webaccess by Advantech

View all CVEs affecting Webaccess →

Webaccess by Advantech

View all CVEs affecting Webaccess →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive configuration data, credentials, or process information from memory, potentially enabling full system compromise or lateral movement within industrial networks.

🟠

Likely Case

Information disclosure of system data that could be used for reconnaissance or to facilitate other attacks against the industrial control system.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, though sensitive data exposure remains possible.

🌐 Internet-Facing: HIGH - WebAccess Node is often exposed to corporate networks and potentially the internet for remote monitoring/control.

🏢 Internal Only: MEDIUM - Still significant risk within industrial networks where attackers could pivot from other compromised systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires network access to the WebAccess Node service. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.4.5 and 9.0.1

Vendor Advisory: https://www.advantech.com/support/details/firmware?id=1KXK3C3S6K

Restart Required: Yes

Instructions:

1. Download patch from Advantech support portal. 2. Backup current configuration. 3. Install patch following vendor instructions. 4. Restart WebAccess Node services. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate WebAccess Node systems from untrusted networks using firewalls.

Access Control Restrictions

all

Implement strict network access controls to limit connections to WebAccess Node services.

🧯 If You Can't Patch

Implement strict network segmentation to isolate WebAccess Node from untrusted networks
Monitor for unusual access patterns or memory read attempts to WebAccess Node services

🔍 How to Verify

Check if Vulnerable:

Check WebAccess Node version in application interface or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Advantech\WebAccess\Node\Version

Check Version:

reg query "HKLM\SOFTWARE\Advantech\WebAccess\Node" /v Version

Verify Fix Applied:

Verify version is 8.4.5 or higher (for 8.x) or 9.0.1 or higher (for 9.x) and check vendor patch installation logs.

📡 Detection & Monitoring

Log Indicators:

Unusual memory access patterns
Multiple failed connection attempts to WebAccess Node service
Unexpected process memory reads

Network Indicators:

Unusual traffic to WebAccess Node default ports (TCP 80/443, 4592)
Suspicious requests to WebAccess Node web interface

SIEM Query:

source="webaccess.log" AND (event="memory_access" OR event="buffer_read") AND status="error"

📊 Metadata

CVE ID: CVE-2020-12018

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: May 8, 2020

Last Updated: November 21, 2024

🔗 References

https://www.us-cert.gov/ics/advisories/icsa-20-128-01 Third Party Advisory,US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-628/ Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 Third Party Advisory,US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-628/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-12018, you might also want to check these: