CVE-2019-13558
published 2019-09-18CVE-2019-13558: In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.86%
85.0th percentile
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.4.1 | — |
| advantech | webaccess | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2019-13558 is a Code Injection (CWE-94) vulnerability in Advantech WebAccess versions 8.4.1 and prior, exploitable remotely with no authentication required (CVSS v3 9.8, AV:N/AC:L/PR:N/UI:N). Detection should focus on unauthenticated network-based code injection attempts against WebAccess services. ↗
- →No known public exploits specifically targeting CVE-2019-13558 were identified at time of advisory publication; prioritize detection of anomalous code injection patterns in WebAccess network traffic. ↗
- →The vulnerability is exploitable with low skill level and no privileges; monitor for unauthenticated remote connections to Advantech WebAccess HMI platform endpoints, particularly in Critical Manufacturing, Energy, and Water/Wastewater network segments. ↗
- ·Affected versions are WebAccess 8.4.1 and prior; version 8.4.2 (WebAccessNode) is the patched release. Ensure version identification is part of asset inventory checks. ↗
- ·The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) confirms no authentication or user interaction is required, meaning the attack surface is fully exposed on any network-accessible WebAccess instance. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:N/C:P/I:P/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6grp-frv6-xgc9: In WebAccess versions 8
ghsa_unreviewed·2022-05-24
CVE-2019-13558 [HIGH] GHSA-6grp-frv6-xgc9: In WebAccess versions 8
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CISA ICS
Advantech WebAccess
cisa_ics·2019-09-18·CVSS 8.8
[HIGH] Advantech WebAccess
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess
Last RevisedSeptember 18, 2019
Alert CodeICSA-19-260-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess
- Vulnerabilities: Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files and perform actions at a privileged level, or delete files on the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PROD
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-09-18
Published