CVE ID: CVE-2019-10993 CVSS Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected Vendors: Advantech Affected Products: WebAccess Vulnerability Details: - Allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. - The flaw exists within the implementation of the 0x27D9 IOCTL in the webvrpcs process due to lack of proper validation of a user-supplied value. - Vulnerability allows code execution in the context of Administrator. Additional Details: - Advantech has issued an update. More details are at: https://www.us-cert.gov/ics/advisories/icsa-19-178-05 Disclosure Timeline: - 2019-03-01: Reported to vendor - 2019-07-02: Public release of advisory Credit: Natnael Samson (@NattiSamson)