var-201907-1649
Vulnerability from variot
Advantech WebAccess / SCADA is a set of SCADA software based on browser architecture by Advantech. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment.
Advantech WebAccess / SCADA has a remote code execution vulnerability. The vulnerability stems from the failure to verify the legality of the data provided by the user. An attacker could use this vulnerability to execute arbitrary code with Administrator permissions on a remote host
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1649", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "v8.4.0" } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-21293", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7c77153f-d07d-4e76-817d-b2af337a98d6", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "CNVD", "id": "CNVD-2019-21293", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess / SCADA is a set of SCADA software based on browser architecture by Advantech. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment. \n\nAdvantech WebAccess / SCADA has a remote code execution vulnerability. The vulnerability stems from the failure to verify the legality of the data provided by the user. An attacker could use this vulnerability to execute arbitrary code with Administrator permissions on a remote host", "sources": [ { "db": "CNVD", "id": "CNVD-2019-21293" }, { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" } ], "trust": 0.72 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-21293", "trust": 0.8 }, { "db": "IVD", "id": "7C77153F-D07D-4E76-817D-B2AF337A98D6", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "id": "VAR-201907-1649", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "last_update_date": "2022-05-17T01:43:06.712000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess has remote code execution vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/164987" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-05T00:00:00", "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "date": "2019-08-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-08T00:00:00", "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess has remote code execution vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2019-21293" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code injection", "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" } ], "trust": 0.2 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.