CVE-2019-10985
published 2019-06-28
Priority P353 · critical · 9.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 3.11% (86.1th percentile)
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.3.5 | — |
| webaccess | webaccess_scada | — | — |
CVSS provenance
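| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |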
CISA ICS
Advantech WebAccess/SCADA
cisa_ics·2019-06-27·CVSS 9.1
[CRITICAL] Advantech WebAccess/SCADA
ICS Advisory
## Advantech WebAccess/SCADA
Last Revised: June 27, 2019
Alert Code: ICSA-19-178-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess/SCADA
- Vulnerabilities: Path Traversal, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, Untrusted Pointer Dereference
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow information disclosure, deletion of files, and remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTE
GHSA
GHSA-gww6-fq7j-fjmw: In WebAccess/SCADA, Versions 8
ghsa_unreviewed·2022-05-24
CVE-2019-10985 [CRITICAL] CWE-22 GHSA-gww6-fq7j-fjmw: In WebAccess/SCADA, Versions 8
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-28: Published