Sign-up

ID

VAR-201908-2051


TITLE

Advantech WebAccess has arbitrary file deletion vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-27658

DESCRIPTION

Advantech WebAccess / SCADA is a set of SCADA software based on browser architecture by Advantech of Taiwan, China. Advantech WebAccess has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files

Trust: 0.72

sources: CNVD: CNVD-2019-27658 // IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df // CNVD: CNVD-2019-27658

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessnodescope:eqversion:v8.4.1

Trust: 0.8

sources: IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df // CNVD: CNVD-2019-27658

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-27658
value: MEDIUM

Trust: 0.6

IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2019-27658
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df // CNVD: CNVD-2019-27658

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df

PATCH

title:Advantech WebAccess has arbitrary file deletion vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/171875

Trust: 0.6

sources: CNVD: CNVD-2019-27658

EXTERNAL IDS

db:CNVDid:CNVD-2019-27658

Trust: 0.8

db:IVDid:6BBC0E89-20CB-4A47-BA83-B188E2CF78DF

Trust: 0.2

sources: IVD: 6bbc0e89-20cb-4a47-ba83-b188e2cf78df // CNVD: CNVD-2019-27658

SOURCES

db:IVDid:6bbc0e89-20cb-4a47-ba83-b188e2cf78df
db:CNVDid:CNVD-2019-27658

LAST UPDATE DATE

2022-05-17T02:08:01.477000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-27658date:2019-08-22T00:00:00

SOURCES RELEASE DATE

db:IVDid:6bbc0e89-20cb-4a47-ba83-b188e2cf78dfdate:2019-08-15T00:00:00
db:CNVDid:CNVD-2019-27658date:2019-09-08T00:00:00