ID

VAR-201909-1518


CVE

CVE-2019-13552


TITLE

Advantech WebAccess Command injection vulnerability

Trust: 1.4

sources: IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682 // CNVD: CNVD-2019-32468 // CNNVD: CNNVD-201909-834

DESCRIPTION

In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. WebAccess contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunmie.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment.

Trust: 4.32

sources: NVD: CVE-2019-13552 // JVNDB: JVNDB-2019-009506 // ZDI: ZDI-19-846 // ZDI: ZDI-19-845 // ZDI: ZDI-19-844 // CNVD: CNVD-2019-32468 // IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682 // VULHUB: VHN-145410

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.8

sources: IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682 // CNVD: CNVD-2019-32468

AFFECTED PRODUCTS

vendor: advantech model: webaccess scope: - version: -

Trust: 2.1

vendor: advantech model: webaccess scope: lte version: 8.4.1

Trust: 1.8

vendor: advantech model: webaccess scope: lte version: <=8.4.1

Trust: 0.6

vendor: webaccess model: - scope: eq version: *

Trust: 0.2

sources: IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682 // ZDI: ZDI-19-846 // ZDI: ZDI-19-845 // ZDI: ZDI-19-844 // CNVD: CNVD-2019-32468 // JVNDB: JVNDB-2019-009506 // NVD: CVE-2019-13552

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-13552
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2019-13552
value: HIGH

Trust: 1.0

NVD: CVE-2019-13552
value: HIGH

Trust: 0.8

ZDI: CVE-2019-13552
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2019-32468
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-834
value: HIGH

Trust: 0.6

IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682
value: HIGH

Trust: 0.2

VULHUB: VHN-145410
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13552
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32468
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-145410
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-13552
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-13552
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13552
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-13552
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682 // ZDI: ZDI-19-846 // ZDI: ZDI-19-845 // ZDI: ZDI-19-844 // CNVD: CNVD-2019-32468 // VULHUB: VHN-145410 // JVNDB: JVNDB-2019-009506 // CNNVD: CNNVD-201909-834 // NVD: CVE-2019-13552

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 0.9

sources: VULHUB: VHN-145410 // JVNDB: JVNDB-2019-009506 // NVD: CVE-2019-13552

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-834

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201909-834

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009506

PATCH

title: Advantech has issued an update to correct this vulnerability. url: https://www.us-cert.gov/ics/advisories/icsa-19-260-01

Trust: 2.1

title: Advantech WebAccess url: https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title: Advantech WebAccess command injection vulnerability patch url: https://www.cnvd.org.cn/patchInfo/show/181511

Trust: 0.6

title: Advantech WebAccess Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98363

Trust: 0.6

sources: ZDI: ZDI-19-846 // ZDI: ZDI-19-845 // ZDI: ZDI-19-844 // CNVD: CNVD-2019-32468 // JVNDB: JVNDB-2019-009506 // CNNVD: CNNVD-201909-834

EXTERNAL IDS

db: NVD id: CVE-2019-13552

Trust: 5.4

db: ICS CERT id: ICSA-19-260-01

Trust: 3.1

db: ZDI id: ZDI-19-846

Trust: 1.3

db: CNNVD id: CNNVD-201909-834

Trust: 0.9

db: CNVD id: CNVD-2019-32468

Trust: 0.8

db: JVNDB id: JVNDB-2019-009506

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-9271

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-9270

Trust: 0.7

db: ZDI id: ZDI-19-845

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-9269

Trust: 0.7

db: ZDI id: ZDI-19-844

Trust: 0.7

db: AUSCERT id: ESB-2019.3558

Trust: 0.6

db: IVD id: 38C31D8A-9FC9-46AD-A7FF-1A442F559682

Trust: 0.2

db: VULHUB id: VHN-145410

Trust: 0.1

sources: IVD: 38c31d8a-9fc9-46ad-a7ff-1a442f559682 // ZDI: ZDI-19-846 // ZDI: ZDI-19-845 // ZDI: ZDI-19-844 // CNVD: CNVD-2019-32468 // VULHUB: VHN-145410 // JVNDB: JVNDB-2019-009506 // CNNVD: CNNVD-201909-834 // NVD: CVE-2019-13552

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-19-260-01

Trust: 5.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-13552

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13552

Trust: 0.8

url: https://www.zerodayinitiative.com/advisories/zdi-19-846/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.3558/

Trust: 0.6

sources: ZDI: ZDI-19-846 // ZDI: ZDI-19-845 // ZDI: ZDI-19-844 // CNVD: CNVD-2019-32468 // VULHUB: VHN-145410 // JVNDB: JVNDB-2019-009506 // CNNVD: CNNVD-201909-834 // NVD: CVE-2019-13552

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 2.7

sources: ZDI: ZDI-19-846 // ZDI: ZDI-19-845 // ZDI: ZDI-19-844 // CNNVD: CNNVD-201909-834

SOURCES

db: IVD id: 38c31d8a-9fc9-46ad-a7ff-1a442f559682
db: ZDI id: ZDI-19-846
db: ZDI id: ZDI-19-845
db: ZDI id: ZDI-19-844
db: CNVD id: CNVD-2019-32468
db: VULHUB id: VHN-145410
db: JVNDB id: JVNDB-2019-009506
db: CNNVD id: CNNVD-201909-834
db: NVD id: CVE-2019-13552

LAST UPDATE DATE

2024-11-23T22:48:14.608000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-19-846 date: 2019-09-17T00:00:00
db: ZDI id: ZDI-19-845 date: 2019-09-17T00:00:00
db: ZDI id: ZDI-19-844 date: 2019-09-17T00:00:00
db: CNVD id: CNVD-2019-32468 date: 2019-09-21T00:00:00
db: VULHUB id: VHN-145410 date: 2019-10-09T00:00:00
db: JVNDB id: JVNDB-2019-009506 date: 2019-09-24T00:00:00
db: CNNVD id: CNNVD-201909-834 date: 2021-10-29T00:00:00
db: NVD id: CVE-2019-13552 date: 2024-11-21T04:25:07.977

SOURCES RELEASE DATE

db: IVD id: 38c31d8a-9fc9-46ad-a7ff-1a442f559682 date: 2019-09-21T00:00:00
db: ZDI id: ZDI-19-846 date: 2019-09-17T00:00:00
db: ZDI id: ZDI-19-845 date: 2019-09-17T00:00:00
db: ZDI id: ZDI-19-844 date: 2019-09-17T00:00:00
db: CNVD id: CNVD-2019-32468 date: 2019-09-21T00:00:00
db: VULHUB id: VHN-145410 date: 2019-09-18T00:00:00
db: JVNDB id: JVNDB-2019-009506 date: 2019-09-24T00:00:00
db: CNNVD id: CNNVD-201909-834 date: 2019-09-17T00:00:00
db: NVD id: CVE-2019-13552 date: 2019-09-18T21:15:13.017