ID

VAR-201906-0330


CVE

CVE-2019-3954


TITLE

Advantech WebAccess/SCADA Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-005594 // CNNVD: CNNVD-201906-724

DESCRIPTION

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. Advantech WebAccess/SCADA contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Advantech WebAccess/SCADA is browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA version 8.4.0. The vulnerability stems from a network system or product failing to properly validate data boundaries when performing operations on memory, which causes erroneous read and write operations on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.43

sources: NVD: CVE-2019-3954 // JVNDB: JVNDB-2019-005594 // CNVD: CNVD-2019-18839 // IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad // VULHUB: VHN-155389

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad // CNVD: CNVD-2019-18839

AFFECTED PRODUCTS

vendor: advantech // model: webaccess // scope: eq // version: 8.4.0

Trust: 1.8

vendor: advantech // model: webaccess/scada // scope: eq // version: 8.4.0

Trust: 0.6

vendor: webaccess // model: - // scope: eq // version: 8.4.0

Trust: 0.2

sources: IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad // CNVD: CNVD-2019-18839 // JVNDB: JVNDB-2019-005594 // NVD: CVE-2019-3954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3954
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3954
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-18839
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-724
value: CRITICAL

Trust: 0.6

IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad
value: CRITICAL

Trust: 0.2

VULHUB: VHN-155389
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3954
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-18839
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-155389
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3954
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad // CNVD: CNVD-2019-18839 // VULHUB: VHN-155389 // JVNDB: JVNDB-2019-005594 // CNNVD: CNNVD-201906-724 // NVD: CVE-2019-3954

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-155389 // JVNDB: JVNDB-2019-005594 // NVD: CVE-2019-3954

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-724

TYPE

Buffer error

Trust: 0.8

sources: IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad // CNNVD: CNNVD-201906-724

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005594

PATCH

title: Advantech WebAccess // url: https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title: Patch for AdvantechWebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-18839) // url: https://www.cnvd.org.cn/patchInfo/show/164439

Trust: 0.6

title: Advantech WebAccess/SCADA Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93906

Trust: 0.6

sources: CNVD: CNVD-2019-18839 // JVNDB: JVNDB-2019-005594 // CNNVD: CNNVD-201906-724

EXTERNAL IDS

db: NVD // id: CVE-2019-3954

Trust: 3.3

db: TENABLE // id: TRA-2019-28

Trust: 3.1

db: CNNVD // id: CNNVD-201906-724

Trust: 0.9

db: CNVD // id: CNVD-2019-18839

Trust: 0.8

db: JVNDB // id: JVNDB-2019-005594

Trust: 0.8

db: IVD // id: FD36FFFD-9D2A-4D51-AC7D-BAA7412A79AD

Trust: 0.2

db: VULHUB // id: VHN-155389

Trust: 0.1

sources: IVD: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad // CNVD: CNVD-2019-18839 // VULHUB: VHN-155389 // JVNDB: JVNDB-2019-005594 // CNNVD: CNNVD-201906-724 // NVD: CVE-2019-3954

REFERENCES

url:https://www.tenable.com/security/research/tra-2019-28

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3954

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3954

Trust: 0.8

sources: CNVD: CNVD-2019-18839 // VULHUB: VHN-155389 // JVNDB: JVNDB-2019-005594 // CNNVD: CNNVD-201906-724 // NVD: CVE-2019-3954

SOURCES

db: IVD // id: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad
db: CNVD // id: CNVD-2019-18839
db: VULHUB // id: VHN-155389
db: JVNDB // id: JVNDB-2019-005594
db: CNNVD // id: CNNVD-201906-724
db: NVD // id: CVE-2019-3954

LAST UPDATE DATE

2024-11-23T22:33:57.134000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2019-18839 // date: 2019-06-21T00:00:00
db: VULHUB // id: VHN-155389 // date: 2020-08-24T00:00:00
db: JVNDB // id: JVNDB-2019-005594 // date: 2019-06-24T00:00:00
db: CNNVD // id: CNNVD-201906-724 // date: 2020-08-25T00:00:00
db: NVD // id: CVE-2019-3954 // date: 2024-11-21T04:42:56.187

SOURCES RELEASE DATE

db: IVD // id: fd36fffd-9d2a-4d51-ac7d-baa7412a79ad // date: 2019-06-21T00:00:00
db: CNVD // id: CNVD-2019-18839 // date: 2019-06-21T00:00:00
db: VULHUB // id: VHN-155389 // date: 2019-06-19T00:00:00
db: JVNDB // id: JVNDB-2019-005594 // date: 2019-06-24T00:00:00
db: CNNVD // id: CNNVD-201906-724 // date: 2019-06-18T00:00:00
db: NVD // id: CVE-2019-3954 // date: 2019-06-19T00:15:13.360