ID

VAR-201909-0988


CVE

CVE-2019-13550


TITLE

WebAccess vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-009505

DESCRIPTION

In WebAccess versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information or cause improper control of generation of code, which may allow remote code execution or cause a system crash. WebAccess contains an unauthorized authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Advantech WebAccess is a browser-based HMI/SCADA software package from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment.

Trust: 2.43

sources: NVD: CVE-2019-13550 // JVNDB: JVNDB-2019-009505 // CNVD: CNVD-2019-32470 // IVD: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4 // VULHUB: VHN-145408

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4 // CNVD: CNVD-2019-32470

AFFECTED PRODUCTS

vendor: advantech
model: webaccess
scope: lte
version: 8.4.1

Trust: 1.8

vendor: advantech
model: webaccess
scope: lte
version: <=8.4.1

Trust: 0.6

vendor: webaccess
model: -
scope: eq
version: *

Trust: 0.2

sources: IVD: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4 // CNVD: CNVD-2019-32470 // JVNDB: JVNDB-2019-009505 // NVD: CVE-2019-13550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13550
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13550
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-32470
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-833
value: CRITICAL

Trust: 0.6

IVD: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4
value: CRITICAL

Trust: 0.2

VULHUB: VHN-145408
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13550
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32470
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-145408
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13550
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13550
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4 // CNVD: CNVD-2019-32470 // VULHUB: VHN-145408 // JVNDB: JVNDB-2019-009505 // CNNVD: CNNVD-201909-833 // NVD: CVE-2019-13550

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-863

Trust: 0.9

sources: VULHUB: VHN-145408 // JVNDB: JVNDB-2019-009505 // NVD: CVE-2019-13550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-833

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-833

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009505

PATCH

title: Advantech WebAccess
url: https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title: Patch for Advantech WebAccess Licensing Vulnerability (CNVD-2019-32470)
url: https://www.cnvd.org.cn/patchInfo/show/181515

Trust: 0.6

title: Advantech WebAccess Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98362

Trust: 0.6

sources: CNVD: CNVD-2019-32470 // JVNDB: JVNDB-2019-009505 // CNNVD: CNNVD-201909-833

EXTERNAL IDS

db: NVD
id: CVE-2019-13550

Trust: 3.3

db: ICS CERT
id: ICSA-19-260-01

Trust: 3.1

db: CNNVD
id: CNNVD-201909-833

Trust: 0.9

db: CNVD
id: CNVD-2019-32470

Trust: 0.8

db: JVNDB
id: JVNDB-2019-009505

Trust: 0.8

db: AUSCERT
id: ESB-2019.3558

Trust: 0.6

db: IVD
id: CA3E2EB5-BC1D-4EE8-91F5-7A25E18DD5F4

Trust: 0.2

db: VULHUB
id: VHN-145408

Trust: 0.1

sources: IVD: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4 // CNVD: CNVD-2019-32470 // VULHUB: VHN-145408 // JVNDB: JVNDB-2019-009505 // CNNVD: CNNVD-201909-833 // NVD: CVE-2019-13550

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-19-260-01

Trust: 3.1

url: https://nvd.nist.gov/vuln/detail/cve-2019-13550

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13550

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.3558/

Trust: 0.6

sources: CNVD: CNVD-2019-32470 // VULHUB: VHN-145408 // JVNDB: JVNDB-2019-009505 // CNNVD: CNNVD-201909-833 // NVD: CVE-2019-13550

SOURCES

db: IVD, id: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4
db: CNVD, id: CNVD-2019-32470
db: VULHUB, id: VHN-145408
db: JVNDB, id: JVNDB-2019-009505
db: CNNVD, id: CNNVD-201909-833
db: NVD, id: CVE-2019-13550

LAST UPDATE DATE

2024-08-14T14:56:40.704000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-32470, date: 2019-09-21T00:00:00
db: VULHUB, id: VHN-145408, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-009505, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-833, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2019-13550, date: 2020-10-16T13:19:03.947

SOURCES RELEASE DATE

db: IVD, id: ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4, date: 2019-09-21T00:00:00
db: CNVD, id: CNVD-2019-32470, date: 2019-09-21T00:00:00
db: VULHUB, id: VHN-145408, date: 2019-09-18T00:00:00
db: JVNDB, id: JVNDB-2019-009505, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-833, date: 2019-09-17T00:00:00
db: NVD, id: CVE-2019-13550, date: 2019-09-18T21:15:12.937