ID

VAR-201909-0990


CVE

CVE-2019-13558


TITLE

Advantech WebAccess Code injection vulnerability

Trust: 1.4

sources: IVD: 20b1247f-1646-4108-bc5a-96d773650351 // CNVD: CNVD-2019-32467 // CNNVD: CNNVD-201909-843

DESCRIPTION

In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. WebAccess contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment.

Trust: 2.43

sources: NVD: CVE-2019-13558 // JVNDB: JVNDB-2019-009492 // CNVD: CNVD-2019-32467 // IVD: 20b1247f-1646-4108-bc5a-96d773650351 // VULHUB: VHN-145416

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 20b1247f-1646-4108-bc5a-96d773650351 // CNVD: CNVD-2019-32467

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: lte, version: 8.4.1

Trust: 1.8

vendor: advantech, model: webaccess, scope: lte, version: <=8.4.1

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2014.01.24

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2013.11.14

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2013.11.01

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2014.01.20

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2013.10.30

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 6.0-2008.05.15

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2013.12.15

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2013.10.24

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2014.01.10

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 7.2-2013.10.28

Trust: 0.6

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 20b1247f-1646-4108-bc5a-96d773650351 // CNVD: CNVD-2019-32467 // JVNDB: JVNDB-2019-009492 // CNNVD: CNNVD-201909-843 // NVD: CVE-2019-13558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13558
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13558
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-32467
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-843
value: CRITICAL

Trust: 0.6

IVD: 20b1247f-1646-4108-bc5a-96d773650351
value: CRITICAL

Trust: 0.2

VULHUB: VHN-145416
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13558
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32467
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 20b1247f-1646-4108-bc5a-96d773650351
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-145416
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13558
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13558
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 20b1247f-1646-4108-bc5a-96d773650351 // CNVD: CNVD-2019-32467 // VULHUB: VHN-145416 // JVNDB: JVNDB-2019-009492 // CNNVD: CNNVD-201909-843 // NVD: CVE-2019-13558

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.9

sources: VULHUB: VHN-145416 // JVNDB: JVNDB-2019-009492 // NVD: CVE-2019-13558

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-843

TYPE

Code injection

Trust: 0.8

sources: IVD: 20b1247f-1646-4108-bc5a-96d773650351 // CNNVD: CNNVD-201909-843

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009492

PATCH

title: Advantech WebAccess, url: https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title: Advantech WebAccess code injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/181505

Trust: 0.6

title: Advantech WebAccess Fixes for code injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98371

Trust: 0.6

sources: CNVD: CNVD-2019-32467 // JVNDB: JVNDB-2019-009492 // CNNVD: CNNVD-201909-843

EXTERNAL IDS

db: NVD, id: CVE-2019-13558

Trust: 3.3

db: ICS CERT, id: ICSA-19-260-01

Trust: 3.1

db: CNNVD, id: CNNVD-201909-843

Trust: 0.9

db: CNVD, id: CNVD-2019-32467

Trust: 0.8

db: JVNDB, id: JVNDB-2019-009492

Trust: 0.8

db: AUSCERT, id: ESB-2019.3558

Trust: 0.6

db: IVD, id: 20B1247F-1646-4108-BC5A-96D773650351

Trust: 0.2

db: VULHUB, id: VHN-145416

Trust: 0.1

sources: IVD: 20b1247f-1646-4108-bc5a-96d773650351 // CNVD: CNVD-2019-32467 // VULHUB: VHN-145416 // JVNDB: JVNDB-2019-009492 // CNNVD: CNNVD-201909-843 // NVD: CVE-2019-13558

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-19-260-01

Trust: 3.1

url: https://nvd.nist.gov/vuln/detail/cve-2019-13558

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13558

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.3558/

Trust: 0.6

sources: CNVD: CNVD-2019-32467 // VULHUB: VHN-145416 // JVNDB: JVNDB-2019-009492 // CNNVD: CNNVD-201909-843 // NVD: CVE-2019-13558

SOURCES

db: IVD, id: 20b1247f-1646-4108-bc5a-96d773650351
db: CNVD, id: CNVD-2019-32467
db: VULHUB, id: VHN-145416
db: JVNDB, id: JVNDB-2019-009492
db: CNNVD, id: CNNVD-201909-843
db: NVD, id: CVE-2019-13558

LAST UPDATE DATE

2024-08-14T14:56:40.839000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-32467, date: 2019-09-21T00:00:00
db: VULHUB, id: VHN-145416, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-009492, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-843, date: 2019-09-30T00:00:00
db: NVD, id: CVE-2019-13558, date: 2019-10-09T23:46:35.077

SOURCES RELEASE DATE

db: IVD, id: 20b1247f-1646-4108-bc5a-96d773650351, date: 2019-09-21T00:00:00
db: CNVD, id: CNVD-2019-32467, date: 2019-09-21T00:00:00
db: VULHUB, id: VHN-145416, date: 2019-09-18T00:00:00
db: JVNDB, id: JVNDB-2019-009492, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-843, date: 2019-09-17T00:00:00
db: NVD, id: CVE-2019-13558, date: 2019-09-18T22:15:11.293