CVE-2019-13547
Published 2019-10-31
Priority P3 · 57 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.30% (87.0th percentile)
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | wise-paas_rmm | <= 3.3.29 | — |
| advantech_wise-paas | rmm | — | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
CISA ICS
Advantech WISE-PaaS/RMM
cisa_ics·2019-10-31·CVSS 9.8
[CRITICAL] Advantech WISE-PaaS/RMM
ICS Advisory
## Advantech WISE-PaaS/RMM
Last Revised: October 31, 2019
Alert Code: ICSA-19-304-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: WISE-PaaS/RMM
- Vulnerabilities: Path Traversal, Missing Authorization, Improper Restriction of XML External Entity Reference, SQL Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The followin
GHSA
GHSA-v925-wgm3-fvwf: Advantech WISE-PaaS/RMM, Versions 3
ghsa_unreviewed·2022-05-24
CVE-2019-13547 [CRITICAL] CWE-306 GHSA-v925-wgm3-fvwf: Advantech WISE-PaaS/RMM, Versions 3
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.