Sign-up

ID

VAR-201909-0221


CVE

CVE-2019-3975


TITLE

Advantech WebAccess/SCADA Vulnerable to classic buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2019-009167

DESCRIPTION

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. Advantech WebAccess/SCADA Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer error vulnerability exists in Advantech WebAccess/SCADA version 8.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 2.43

sources: NVD: CVE-2019-3975 // JVNDB: JVNDB-2019-009167 // CNVD: CNVD-2019-32466 // IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad // VULHUB: VHN-155410

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad // CNVD: CNVD-2019-32466

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess/scadascope:eqversion:8.4.1

Trust: 1.4

vendor:advantechmodel:webaccessscope:eqversion:8.4.1

Trust: 1.0

vendor:webaccessmodel: - scope:eqversion:8.4.1

Trust: 0.2

sources: IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad // CNVD: CNVD-2019-32466 // JVNDB: JVNDB-2019-009167 // NVD: CVE-2019-3975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3975
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3975
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-32466
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-431
value: CRITICAL

Trust: 0.6

IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad
value: CRITICAL

Trust: 0.2

VULHUB: VHN-155410
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3975
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32466
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-155410
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad // CNVD: CNVD-2019-32466 // VULHUB: VHN-155410 // JVNDB: JVNDB-2019-009167 // CNNVD: CNNVD-201909-431 // NVD: CVE-2019-3975

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-120

Trust: 0.9

sources: VULHUB: VHN-155410 // JVNDB: JVNDB-2019-009167 // NVD: CVE-2019-3975

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-431

TYPE

Buffer error

Trust: 0.8

sources: IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad // CNNVD: CNNVD-201909-431

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009167

PATCH
title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess
Trust: 0.8
title:Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32466)url:https://www.cnvd.org.cn/patchInfo/show/181499
Trust: 0.6
title:Advantech WebAccess/SCADA Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98025
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-32466 // 
            
            
            
            JVNDB: JVNDB-2019-009167 // 
            
            
            
            CNNVD: CNNVD-201909-431

EXTERNAL IDS
db:NVDid:CVE-2019-3975
Trust: 3.3
db:TENABLEid:TRA-2019-41
Trust: 2.5
db:CNNVDid:CNNVD-201909-431
Trust: 0.9
db:CNVDid:CNVD-2019-32466
Trust: 0.8
db:JVNDBid:JVNDB-2019-009167
Trust: 0.8
db:IVDid:6779568D-C80F-445B-BA8E-FA61163D09AD
Trust: 0.2
db:VULHUBid:VHN-155410
Trust: 0.1
sources:
            
            
            IVD: 6779568d-c80f-445b-ba8e-fa61163d09ad // 
            
            
            
            CNVD: CNVD-2019-32466 // 
            
            
            
            VULHUB: VHN-155410 // 
            
            
            
            JVNDB: JVNDB-2019-009167 // 
            
            
            
            CNNVD: CNNVD-201909-431 // 
            
            
            
            NVD: CVE-2019-3975

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-41
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-3975
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3975
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-32466 // 
            
            
            
            VULHUB: VHN-155410 // 
            
            
            
            JVNDB: JVNDB-2019-009167 // 
            
            
            
            CNNVD: CNNVD-201909-431 // 
            
            
            
            NVD: CVE-2019-3975

SOURCES
db:IVDid:6779568d-c80f-445b-ba8e-fa61163d09ad
db:CNVDid:CNVD-2019-32466
db:VULHUBid:VHN-155410
db:JVNDBid:JVNDB-2019-009167
db:CNNVDid:CNNVD-201909-431
db:NVDid:CVE-2019-3975

LAST UPDATE DATE
2024-08-14T15:22:57.808000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-32466date:2019-09-21T00:00:00
db:VULHUBid:VHN-155410date:2019-09-11T00:00:00
db:JVNDBid:JVNDB-2019-009167date:2019-09-13T00:00:00
db:CNNVDid:CNNVD-201909-431date:2021-07-26T00:00:00
db:NVDid:CVE-2019-3975date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE
db:IVDid:6779568d-c80f-445b-ba8e-fa61163d09addate:2019-09-21T00:00:00
db:CNVDid:CNVD-2019-32466date:2019-09-21T00:00:00
db:VULHUBid:VHN-155410date:2019-09-10T00:00:00
db:JVNDBid:JVNDB-2019-009167date:2019-09-13T00:00:00
db:CNNVDid:CNNVD-201909-431date:2019-09-10T00:00:00
db:NVDid:CVE-2019-3975date:2019-09-10T16:15:12.667