CVE-2019-13551
published 2019-10-31CVE-2019-13551: Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.91%
91.0th percentile
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | wise-paas_rmm | <= 3.3.29 | — |
| advantech_wise-paas | rmm | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2019-13551 is a path traversal vulnerability in Advantech WISE-PaaS/RMM versions 3.3.29 and prior. Detect exploitation attempts by monitoring for path traversal patterns in HTTP requests directed at the RMM platform, particularly those arriving on Port 1880/TCP. ↗
- →The vulnerability is exploitable remotely with no authentication required (CVSS PR:N, UI:N). Monitor for unauthenticated remote requests to the WISE-PaaS/RMM service, especially those containing directory traversal sequences (e.g., '../') in file operation parameters. ↗
- →Block or alert on all external/internet-facing access to Advantech WISE-PaaS/RMM instances. The advisory explicitly warns the product should not be accessible from the Internet. ↗
- ·Advantech phased out WISE-PaaS/RMM in July 2019; any remaining deployments of version 3.3.29 or prior are unpatched and permanently end-of-life. Detection should focus on identifying any surviving instances still running on the network. ↗
- ·No known public exploits specifically targeting CVE-2019-13551 were identified at the time of the advisory (October 2019), but the low skill level required and CVSS 9.8 score make it a high-priority detection target. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WISE-PaaS/RMM
cisa_ics·2019-10-31·CVSS 9.8
[CRITICAL] Advantech WISE-PaaS/RMM
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WISE-PaaS/RMM
Last RevisedOctober 31, 2019
Alert CodeICSA-19-304-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: WISE-PaaS/RMM
- Vulnerabilities: Path Traversal, Missing Authorization, Improper Restriction of XML External Entity Reference, SQL Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The followin
GHSA
GHSA-f62c-wvq9-x8vg: Advantech WISE-PaaS/RMM, Versions 3
ghsa_unreviewed·2022-05-24
CVE-2019-13551 [CRITICAL] CWE-22 GHSA-f62c-wvq9-x8vg: Advantech WISE-PaaS/RMM, Versions 3
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.us-cert.gov/ics/advisories/icsa-19-304-01https://www.zerodayinitiative.com/advisories/ZDI-19-935/https://www.zerodayinitiative.com/advisories/ZDI-19-941/https://www.zerodayinitiative.com/advisories/ZDI-19-950/https://www.zerodayinitiative.com/advisories/ZDI-19-958/https://www.us-cert.gov/ics/advisories/icsa-19-304-01https://www.zerodayinitiative.com/advisories/ZDI-19-935/https://www.zerodayinitiative.com/advisories/ZDI-19-941/https://www.zerodayinitiative.com/advisories/ZDI-19-950/https://www.zerodayinitiative.com/advisories/ZDI-19-958/
2019-10-31
Published