ID

VAR-201308-0031


CVE

CVE-2013-2299


TITLE

Advantech WebAccess HMI/SCADA Unknown Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: bd2522e8-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201301-127

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Advantech WebAccess HMI/SCADA is an HMI/SCADA software package. It is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Advantech WebAccess HMI/SCADA 7.0 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment.

Trust: 2.7

sources: NVD: CVE-2013-2299 // JVNDB: JVNDB-2013-003848 // CNVD: CNVD-2013-00217 // BID: 57227 // IVD: bd2522e8-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-62301

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: bd2522e8-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00217

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: eq, version: 5.0

Trust: 1.6

vendor: advantech, model: webaccess, scope: eq, version: 6.0

Trust: 1.6

vendor: advantech, model: webaccess, scope: lte, version: 7.0

Trust: 1.0

vendor: advantech, model: webaccess, scope: lt, version: 7.1 2013.05.30

Trust: 0.8

vendor: advantech, model: webaccess hmi/scada software, scope: eq, version: 7.0-2012.12.05

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.0

Trust: 0.6

vendor: advantech webaccess, model: -, scope: eq, version: 5.0

Trust: 0.2

vendor: advantech webaccess, model: -, scope: eq, version: 6.0

Trust: 0.2

vendor: advantech webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: bd2522e8-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00217 // JVNDB: JVNDB-2013-003848 // CNNVD: CNNVD-201301-127 // NVD: CVE-2013-2299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2299
value: LOW

Trust: 1.0

NVD: CVE-2013-2299
value: LOW

Trust: 0.8

CNNVD: CNNVD-201301-127
value: LOW

Trust: 0.6

IVD: bd2522e8-2352-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-62301
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-2299
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: bd2522e8-2352-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-62301
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: bd2522e8-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-62301 // JVNDB: JVNDB-2013-003848 // CNNVD: CNNVD-201301-127 // NVD: CVE-2013-2299

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-62301 // JVNDB: JVNDB-2013-003848 // NVD: CVE-2013-2299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-127

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201301-127

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003848

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-62301

PATCH

title: Top Page, url: http://www.advantech.com/default.aspx

Trust: 0.8

title: Partner Information, url: http://www.advantech.co.jp/support-AJP/distributors.asp

Trust: 0.8

title: Advantech Co., Ltd., url: http://www.advantech.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2013-003848

EXTERNAL IDS

db: NVD, id: CVE-2013-2299

Trust: 3.6

db: ICS CERT, id: ICSA-13-225-01

Trust: 2.5

db: BID, id: 57227

Trust: 1.6

db: CNNVD, id: CNNVD-201301-127

Trust: 0.9

db: CNVD, id: CNVD-2013-00217

Trust: 0.8

db: JVNDB, id: JVNDB-2013-003848

Trust: 0.8

db: IVD, id: BD2522E8-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: EXPLOIT-DB, id: 23968

Trust: 0.1

db: SEEBUG, id: SSVID-77711

Trust: 0.1

db: VULHUB, id: VHN-62301

Trust: 0.1

sources: IVD: bd2522e8-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00217 // VULHUB: VHN-62301 // BID: 57227 // JVNDB: JVNDB-2013-003848 // CNNVD: CNNVD-201301-127 // NVD: CVE-2013-2299

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-13-225-01

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2299

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2299

Trust: 0.8

url:http://www.securityfocus.com/bid/57227/

Trust: 0.6

url:http://www.securityfocus.com/bid/57227

Trust: 0.6

sources: CNVD: CNVD-2013-00217 // VULHUB: VHN-62301 // JVNDB: JVNDB-2013-003848 // CNNVD: CNNVD-201301-127 // NVD: CVE-2013-2299

CREDITS

Antu Sanadi of SecPod Technologies

Trust: 0.9

sources: BID: 57227 // CNNVD: CNNVD-201301-127

SOURCES

db: IVD, id: bd2522e8-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-00217
db: VULHUB, id: VHN-62301
db: BID, id: 57227
db: JVNDB, id: JVNDB-2013-003848
db: CNNVD, id: CNNVD-201301-127
db: NVD, id: CVE-2013-2299

LAST UPDATE DATE

2024-08-14T15:08:53.513000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-00217, date: 2013-01-14T00:00:00
db: VULHUB, id: VHN-62301, date: 2013-08-23T00:00:00
db: BID, id: 57227, date: 2013-08-14T06:06:00
db: JVNDB, id: JVNDB-2013-003848, date: 2013-08-23T00:00:00
db: CNNVD, id: CNNVD-201301-127, date: 2013-08-26T00:00:00
db: NVD, id: CVE-2013-2299, date: 2013-08-23T13:37:02.987

SOURCES RELEASE DATE

db: IVD, id: bd2522e8-2352-11e6-abef-000c29c66e3d, date: 2013-01-14T00:00:00
db: CNVD, id: CNVD-2013-00217, date: 2013-01-14T00:00:00
db: VULHUB, id: VHN-62301, date: 2013-08-22T00:00:00
db: BID, id: 57227, date: 2013-01-09T00:00:00
db: JVNDB, id: JVNDB-2013-003848, date: 2013-08-23T00:00:00
db: CNNVD, id: CNNVD-201301-127, date: 2013-01-11T00:00:00
db: NVD, id: CVE-2013-2299, date: 2013-08-22T05:34:59.940