ID
VAR-E-201904-0181
CVE
| cve_id: | CVE-2019-3941 | Trust: 0.3 |
| cve_id: | CVE-2019-3940 | Trust: 0.3 |
TITLE
Advantech WebAccess Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
Advantech WebAccess is prone to the following security vulnerabilities:
1. An arbitrary file-download vulnerability
2. An arbitrary file-upload vulnerability
An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files and perform certain unauthorized actions. This may aid in further attacks.
Advantech WebAccess 8.3.4 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess/scada | scope: | eq | version: | 8.3.4 | Trust: 0.3 |
| vendor: | advantech | model: | webaccess/scada | scope: | ne | version: | 8.3.5 | Trust: 0.3 |
EXPLOIT
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Tenable
Trust: 0.3
EXTERNAL IDS
| db: | TENABLE | id: | TRA-2019-15 | Trust: 0.3 |
| db: | NVD | id: | CVE-2019-3941 | Trust: 0.3 |
| db: | NVD | id: | CVE-2019-3940 | Trust: 0.3 |
| db: | BID | id: | 107847 | Trust: 0.3 |
REFERENCES
| url: | http://webaccess.advantech.com | Trust: 0.3 |
| url: | https://www.tenable.com/security/research/tra-2019-15 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 107847 |
LAST UPDATE DATE
2022-07-27T09:14:56.718000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 107847 | date: | 2019-04-03T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 107847 | date: | 2019-04-03T00:00:00 |