ID

VAR-201904-0182


CVE

CVE-2019-6552


TITLE

Advantech WebAccess/SCADA Command injection vulnerability

Trust: 1.6

sources: IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa // CNVD: CNVD-2019-08949 // JVNDB: JVNDB-2019-003120

DESCRIPTION

Advantech WebAccess/SCADA, versions 8.3.5 and prior, contains multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, that may allow remote code execution. Information may be obtained or altered, and service operation may be disrupted (DoS).

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunmie.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator.

Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment.

Advantech WebAccess/SCADA is prone to the following vulnerabilities:

1. Multiple command-injection vulnerabilities
2. A denial-of-service vulnerability
3. Multiple stack-based buffer-overflow vulnerabilities

An attacker can exploit these issues to inject and execute arbitrary commands in the context of the application. Failed exploit attempts will result in denial-of-service conditions. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data.

Trust: 4.05

sources: NVD: CVE-2019-6552 // JVNDB: JVNDB-2019-003120 // ZDI: ZDI-19-326 // ZDI: ZDI-19-324 // CNVD: CNVD-2019-08949 // BID: 107675 // IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa // VULHUB: VHN-157987 // VULMON: CVE-2019-6552

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa // CNVD: CNVD-2019-08949

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: -, version: -

Trust: 1.4

vendor: advantech, model: webaccess, scope: lte, version: 8.3.5

Trust: 1.0

vendor: advantech, model: webaccess, scope: eq, version: 8.3.5 and less

Trust: 0.8

vendor: advantech, model: webaccess/scada, scope: lte, version: <=8.3.5

Trust: 0.6

vendor: advantech, model: webaccess/scada, scope: eq, version: 8.3.5

Trust: 0.3

vendor: advantech, model: webaccess/scada, scope: eq, version: 8.3.4

Trust: 0.3

vendor: advantech, model: webaccess/scada, scope: eq, version: 8.3.2

Trust: 0.3

vendor: advantech, model: webaccess/scada, scope: eq, version: 8.3

Trust: 0.3

vendor: advantech, model: webaccess/scada, scope: ne, version: 8.4

Trust: 0.3

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa // ZDI: ZDI-19-326 // ZDI: ZDI-19-324 // CNVD: CNVD-2019-08949 // BID: 107675 // JVNDB: JVNDB-2019-003120 // NVD: CVE-2019-6552

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-6552
value: CRITICAL

Trust: 1.4

nvd@nist.gov: CVE-2019-6552
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6552
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-08949
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-091
value: CRITICAL

Trust: 0.6

IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa
value: CRITICAL

Trust: 0.2

VULHUB: VHN-157987
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6552
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6552
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-08949
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-157987
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-6552
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-6552
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6552
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa // ZDI: ZDI-19-326 // ZDI: ZDI-19-324 // CNVD: CNVD-2019-08949 // VULHUB: VHN-157987 // VULMON: CVE-2019-6552 // JVNDB: JVNDB-2019-003120 // CNNVD: CNNVD-201904-091 // NVD: CVE-2019-6552

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-157987 // JVNDB: JVNDB-2019-003120 // NVD: CVE-2019-6552

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-091

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-091

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003120

PATCH

title: Advantech has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01

Trust: 1.4

title: Advantech WebAccess
url: https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title: Patch for Advantech WebAccess/SCADA Command Injection Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/157943

Trust: 0.6

title: Advantech WebAccess and Advantech WebAccess/SCADA Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91015

Trust: 0.6

sources: ZDI: ZDI-19-326 // ZDI: ZDI-19-324 // CNVD: CNVD-2019-08949 // JVNDB: JVNDB-2019-003120 // CNNVD: CNNVD-201904-091

EXTERNAL IDS

db: NVD, id: CVE-2019-6552

Trust: 5.1

db: ICS CERT, id: ICSA-19-092-01

Trust: 3.5

db: ZDI, id: ZDI-19-326

Trust: 1.3

db: BID, id: 107675

Trust: 1.0

db: CNNVD, id: CNNVD-201904-091

Trust: 0.9

db: CNVD, id: CNVD-2019-08949

Trust: 0.8

db: JVNDB, id: JVNDB-2019-003120

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-7928

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-7926

Trust: 0.7

db: ZDI, id: ZDI-19-324

Trust: 0.7

db: AUSCERT, id: ESB-2019.1113

Trust: 0.6

db: IVD, id: 7965849B-AD7C-448A-ABFE-D9BB6EA63FFA

Trust: 0.2

db: VULHUB, id: VHN-157987

Trust: 0.1

db: VULMON, id: CVE-2019-6552

Trust: 0.1

sources: IVD: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa // ZDI: ZDI-19-326 // ZDI: ZDI-19-324 // CNVD: CNVD-2019-08949 // VULHUB: VHN-157987 // VULMON: CVE-2019-6552 // BID: 107675 // JVNDB: JVNDB-2019-003120 // CNNVD: CNNVD-201904-091 // NVD: CVE-2019-6552

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-092-01

Trust: 5.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-6552

Trust: 1.4

url:http://www.securityfocus.com/bid/107675

Trust: 1.3

url:https://www.advantech.com/

Trust: 0.9

url:https://support.advantech.com/support/downloadsrdetail_new.aspx?sr_id=1-ms9mjv&doc_source=download

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6552

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-19-326/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78318

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-19-326 // ZDI: ZDI-19-324 // CNVD: CNVD-2019-08949 // VULHUB: VHN-157987 // VULMON: CVE-2019-6552 // BID: 107675 // JVNDB: JVNDB-2019-003120 // CNNVD: CNNVD-201904-091 // NVD: CVE-2019-6552

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.4

sources: ZDI: ZDI-19-326 // ZDI: ZDI-19-324

SOURCES

db: IVD, id: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa
db: ZDI, id: ZDI-19-326
db: ZDI, id: ZDI-19-324
db: CNVD, id: CNVD-2019-08949
db: VULHUB, id: VHN-157987
db: VULMON, id: CVE-2019-6552
db: BID, id: 107675
db: JVNDB, id: JVNDB-2019-003120
db: CNNVD, id: CNNVD-201904-091
db: NVD, id: CVE-2019-6552

LAST UPDATE DATE

2024-08-14T15:02:23.428000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-19-326, date: 2019-04-02T00:00:00
db: ZDI, id: ZDI-19-324, date: 2019-04-02T00:00:00
db: CNVD, id: CNVD-2019-08949, date: 2019-04-03T00:00:00
db: VULHUB, id: VHN-157987, date: 2020-10-06T00:00:00
db: VULMON, id: CVE-2019-6552, date: 2020-10-06T00:00:00
db: BID, id: 107675, date: 2019-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-003120, date: 2019-05-10T00:00:00
db: CNNVD, id: CNNVD-201904-091, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-6552, date: 2020-10-06T14:03:58.627

SOURCES RELEASE DATE

db: IVD, id: 7965849b-ad7c-448a-abfe-d9bb6ea63ffa, date: 2019-04-03T00:00:00
db: ZDI, id: ZDI-19-326, date: 2019-04-02T00:00:00
db: ZDI, id: ZDI-19-324, date: 2019-04-02T00:00:00
db: CNVD, id: CNVD-2019-08949, date: 2019-04-03T00:00:00
db: VULHUB, id: VHN-157987, date: 2019-04-05T00:00:00
db: VULMON, id: CVE-2019-6552, date: 2019-04-05T00:00:00
db: BID, id: 107675, date: 2019-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-003120, date: 2019-05-10T00:00:00
db: CNNVD, id: CNNVD-201904-091, date: 2019-04-02T00:00:00
db: NVD, id: CVE-2019-6552, date: 2019-04-05T19:29:00.357