ID

VAR-201907-1649


TITLE

Advantech WebAccess has remote code execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-21293

DESCRIPTION

Advantech WebAccess / SCADA is a browser-based SCADA software suite from Advantech. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess / SCADA has a remote code execution vulnerability. The vulnerability stems from a failure to validate user-supplied data. An attacker could exploit this vulnerability to execute arbitrary code with Administrator permissions on a remote host.

Trust: 0.72

sources: CNVD: CNVD-2019-21293 // IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6 // CNVD: CNVD-2019-21293

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: eq, version: v8.4.0

Trust: 0.8

sources: IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6 // CNVD: CNVD-2019-21293

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-21293
value: HIGH

Trust: 0.6

IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6
value: HIGH

Trust: 0.2

CNVD: CNVD-2019-21293
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6 // CNVD: CNVD-2019-21293

TYPE

Code injection

Trust: 0.2

sources: IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6

PATCH

title: Advantech WebAccess has remote code execution vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/164987

Trust: 0.6

sources: CNVD: CNVD-2019-21293

EXTERNAL IDS

db: CNVD, id: CNVD-2019-21293

Trust: 0.8

db: IVD, id: 7C77153F-D07D-4E76-817D-B2AF337A98D6

Trust: 0.2

sources: IVD: 7c77153f-d07d-4e76-817d-b2af337a98d6 // CNVD: CNVD-2019-21293

SOURCES

db: IVD, id: 7c77153f-d07d-4e76-817d-b2af337a98d6
db: CNVD, id: CNVD-2019-21293

LAST UPDATE DATE

2022-05-17T01:43:06.712000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-21293, date: 2019-07-08T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 7c77153f-d07d-4e76-817d-b2af337a98d6, date: 2019-07-05T00:00:00
db: CNVD, id: CNVD-2019-21293, date: 2019-08-04T00:00:00