CVE-2019-13550
Published 2019-09-18
CVE-2019-13550: In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control…
Priority P356 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.85% (84.9th percentile)
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.4.1 | — |
| advantech | webaccess | — | — |
CVSS provenance
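| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:N/C:P/I:P/A:C |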
CISA ICS
Advantech WebAccess
cisa_ics·2019-09-18·CVSS 8.8
[HIGH] Advantech WebAccess
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Advantech WebAccess
Last Revised: September 18, 2019
Alert Code: ICSA-19-260-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess
- Vulnerabilities: Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files and perform actions at a privileged level, or delete files on the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PROD
GHSA
GHSA-q8w9-qjmv-6m86: In WebAccess, versions 8
ghsa_unreviewed·2022-05-24
CVE-2019-13550 [CRITICAL] CWE-285 GHSA-q8w9-qjmv-6m86: In WebAccess, versions 8
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-09-18