In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10993
• https://www.us-cert.gov/ics/advisories/icsa-19-178-05
• https://www.zerodayinitiative.com/advisories/ZDI-19-597/
• https://www.zerodayinitiative.com/advisories/ZDI-19-598/
• https://www.zerodayinitiative.com/advisories/ZDI-19-601/
• https://www.zerodayinitiative.com/advisories/ZDI-19-602/
• https://www.zerodayinitiative.com/advisories/ZDI-19-603/
• https://www.zerodayinitiative.com/advisories/ZDI-19-605/
• https://www.zerodayinitiative.com/advisories/ZDI-19-606/
• https://www.zerodayinitiative.com/advisories/ZDI-19-607/
• https://www.zerodayinitiative.com/advisories/ZDI-19-611/
• https://www.zerodayinitiative.com/advisories/ZDI-19-612/
• https://www.zerodayinitiative.com/advisories/ZDI-19-613/
• https://www.zerodayinitiative.com/advisories/ZDI-19-614/
• https://www.zerodayinitiative.com/advisories/ZDI-19-615/
• https://www.zerodayinitiative.com/advisories/ZDI-19-616/
• https://www.zerodayinitiative.com/advisories/ZDI-19-617/
• https://www.zerodayinitiative.com/advisories/ZDI-19-618/
• https://www.zerodayinitiative.com/advisories/ZDI-19-623/