{"api_version":"1","generated_at":"2026-04-23T10:42:01+00:00","cve":"CVE-2020-12022","urls":{"html":"https://cve.report/CVE-2020-12022","api":"https://cve.report/api/cve/CVE-2020-12022.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-12022","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-12022"},"summary":{"title":"CVE-2020-12022","description":"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2020-05-08 12:15:00","updated_at":"2020-05-11 20:47:00"},"problem_types":["CWE-129"],"metrics":[],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-598/","name":"https://www.zerodayinitiative.com/advisories/ZDI-20-598/","refsource":"MISC","tags":["Third Party Advisory"],"title":"ZDI-20-598 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-128-01","name":"https://www.us-cert.gov/ics/advisories/icsa-20-128-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Advantech WebAccess Node | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-12022","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12022","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"12022","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"advantech","cpe5":"webaccess","cpe6":"9.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12022","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"advantech","cpe5":"webaccess","cpe6":"9.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12022","vulnerable":"1","versionEndIncluding":"8.4.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"advantech","cpe5":"webaccess","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-12022","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Advantech WebAccess Node","version":{"version_data":[{"version_value":"WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"IMPROPER VALIDATION OF ARRAY INDEX CWE-129"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.us-cert.gov/ics/advisories/icsa-20-128-01","url":"https://www.us-cert.gov/ics/advisories/icsa-20-128-01"},{"refsource":"MISC","name":"https://www.zerodayinitiative.com/advisories/ZDI-20-598/","url":"https://www.zerodayinitiative.com/advisories/ZDI-20-598/"}]},"description":{"description_data":[{"lang":"eng","value":"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed."}]}},"nvd":{"publishedDate":"2020-05-08 12:15:00","lastModifiedDate":"2020-05-11 20:47:00","problem_types":["CWE-129"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:advantech:webaccess:9.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*","versionEndIncluding":"8.4.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"12022","Ordinal":"173160","Title":"CVE-2020-12022","CVE":"CVE-2020-12022","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"12022","Ordinal":"1","NoteData":"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"12022","Ordinal":"2","NoteData":"2020-05-08","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"12022","Ordinal":"3","NoteData":"2020-05-08","Type":"Other","Title":"Modified"}]}}}