Sign-up

ID

VAR-201906-0329


CVE

CVE-2019-3953


TITLE

Advantech WebAccess/SCADA Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-005593 // CNNVD: CNNVD-201906-719

DESCRIPTION

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AdvantechWebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack-based buffer overflow vulnerability exists in AdvantechWebAccess/SCADA version 8.4.0. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

Trust: 2.43

sources: NVD: CVE-2019-3953 // JVNDB: JVNDB-2019-005593 // CNVD: CNVD-2019-18756 // IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260 // VULHUB: VHN-155388

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260 // CNVD: CNVD-2019-18756

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:eqversion:8.4.0

Trust: 1.8

vendor:advantechmodel:webaccess/scadascope:eqversion:8.4.0

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:8.4.0

Trust: 0.2

sources: IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260 // CNVD: CNVD-2019-18756 // JVNDB: JVNDB-2019-005593 // NVD: CVE-2019-3953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3953
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3953
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-18756
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-719
value: CRITICAL

Trust: 0.6

IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260
value: CRITICAL

Trust: 0.2

VULHUB: VHN-155388
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3953
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-18756
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-155388
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3953
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260 // CNVD: CNVD-2019-18756 // VULHUB: VHN-155388 // JVNDB: JVNDB-2019-005593 // CNNVD: CNNVD-201906-719 // NVD: CVE-2019-3953

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-155388 // JVNDB: JVNDB-2019-005593 // NVD: CVE-2019-3953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-719

TYPE

Buffer error

Trust: 0.8

sources: IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260 // CNNVD: CNNVD-201906-719

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005593

PATCH
title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess
Trust: 0.8
title:Patch for AdvantechWebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-18756)url:https://www.cnvd.org.cn/patchInfo/show/164241
Trust: 0.6
title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93903
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-18756 // 
            
            
            
            JVNDB: JVNDB-2019-005593 // 
            
            
            
            CNNVD: CNNVD-201906-719

EXTERNAL IDS
db:NVDid:CVE-2019-3953
Trust: 3.3
db:TENABLEid:TRA-2019-28
Trust: 2.4
db:TENABLEid:TRA-2019-17
Trust: 2.3
db:CNNVDid:CNNVD-201906-719
Trust: 0.9
db:CNVDid:CNVD-2019-18756
Trust: 0.8
db:JVNDBid:JVNDB-2019-005593
Trust: 0.8
db:IVDid:FA262F58-BB0D-42B5-8FE7-AB4F4FA95260
Trust: 0.2
db:VULHUBid:VHN-155388
Trust: 0.1
sources:
            
            
            IVD: fa262f58-bb0d-42b5-8fe7-ab4f4fa95260 // 
            
            
            
            CNVD: CNVD-2019-18756 // 
            
            
            
            VULHUB: VHN-155388 // 
            
            
            
            JVNDB: JVNDB-2019-005593 // 
            
            
            
            CNNVD: CNNVD-201906-719 // 
            
            
            
            NVD: CVE-2019-3953

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-28
Trust: 2.4
url:https://www.tenable.com/security/research/tra-2019-17
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-3953
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3953
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-18756 // 
            
            
            
            VULHUB: VHN-155388 // 
            
            
            
            JVNDB: JVNDB-2019-005593 // 
            
            
            
            CNNVD: CNNVD-201906-719 // 
            
            
            
            NVD: CVE-2019-3953

SOURCES
db:IVDid:fa262f58-bb0d-42b5-8fe7-ab4f4fa95260
db:CNVDid:CNVD-2019-18756
db:VULHUBid:VHN-155388
db:JVNDBid:JVNDB-2019-005593
db:CNNVDid:CNNVD-201906-719
db:NVDid:CVE-2019-3953

LAST UPDATE DATE
2024-08-14T13:55:20.946000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-18756date:2019-06-21T00:00:00
db:VULHUBid:VHN-155388date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-005593date:2019-06-24T00:00:00
db:CNNVDid:CNNVD-201906-719date:2020-08-25T00:00:00
db:NVDid:CVE-2019-3953date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE
db:IVDid:fa262f58-bb0d-42b5-8fe7-ab4f4fa95260date:2019-06-21T00:00:00
db:CNVDid:CNVD-2019-18756date:2019-06-21T00:00:00
db:VULHUBid:VHN-155388date:2019-06-18T00:00:00
db:JVNDBid:JVNDB-2019-005593date:2019-06-24T00:00:00
db:CNNVDid:CNNVD-201906-719date:2019-06-18T00:00:00
db:NVDid:CVE-2019-3953date:2019-06-18T23:15:10.527