cbcvebase.
CVE-2019-13558
published 2019-09-18

CVE-2019-13558: In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.86%
85.0th percentile
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.

Affected

2 ranges
VendorProductVersion rangeFixed in
advantechwebaccess<= 8.4.1
advantechwebaccess

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2019-13558 is a Code Injection (CWE-94) vulnerability in Advantech WebAccess versions 8.4.1 and prior, exploitable remotely with no authentication required (CVSS v3 9.8, AV:N/AC:L/PR:N/UI:N). Detection should focus on unauthenticated network-based code injection attempts against WebAccess services.
  • No known public exploits specifically targeting CVE-2019-13558 were identified at time of advisory publication; prioritize detection of anomalous code injection patterns in WebAccess network traffic.
  • The vulnerability is exploitable with low skill level and no privileges; monitor for unauthenticated remote connections to Advantech WebAccess HMI platform endpoints, particularly in Critical Manufacturing, Energy, and Water/Wastewater network segments.
  • ·Affected versions are WebAccess 8.4.1 and prior; version 8.4.2 (WebAccessNode) is the patched release. Ensure version identification is part of asset inventory checks.
  • ·The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) confirms no authentication or user interaction is required, meaning the attack surface is fully exposed on any network-accessible WebAccess instance.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:N/C:P/I:P/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.