ID

VAR-201909-0893


CVE

CVE-2019-16899


TITLE

Advantech WebAccess/HMI Designer Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-009703 // CNNVD: CNNVD-201909-1226

DESCRIPTION

In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. Advantech WebAccess/HMI Designer contains a buffer error vulnerability, which may result in service operation interruption (DoS). Advantech WebAccess HMI Designer is a human machine interface (HMI) runtime development software. The product has functions such as data transmission, menu editing and text editing. A denial of service vulnerability exists in Advantech WebAccess HMI Designer 2.1.9.31. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could exploit the vulnerability to cause a denial of service.

Trust: 2.43

sources: NVD: CVE-2019-16899 // JVNDB: JVNDB-2019-009703 // CNVD: CNVD-2019-41700 // IVD: adc0b208-c1cc-43a8-8720-708747a8807e // VULHUB: VHN-149091

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: adc0b208-c1cc-43a8-8720-708747a8807e // CNVD: CNVD-2019-41700

AFFECTED PRODUCTS

vendor: advantech, model: webaccess/hmi designer, scope: eq, version: 2.1.9.31

Trust: 1.0

vendor: advantech, model: webaccess/hmi, scope: eq, version: 2.1.9.31

Trust: 0.8

vendor: advantech, model: webaccess hmi designer, scope: eq, version: 2.1.9.31

Trust: 0.6

vendor: webaccess hmi designer, model: -, scope: eq, version: 2.1.9.31

Trust: 0.2

sources: IVD: adc0b208-c1cc-43a8-8720-708747a8807e // CNVD: CNVD-2019-41700 // JVNDB: JVNDB-2019-009703 // NVD: CVE-2019-16899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16899
value: HIGH

Trust: 1.0

NVD: CVE-2019-16899
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-41700
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-1226
value: HIGH

Trust: 0.6

IVD: adc0b208-c1cc-43a8-8720-708747a8807e
value: HIGH

Trust: 0.2

VULHUB: VHN-149091
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-16899
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41700
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: adc0b208-c1cc-43a8-8720-708747a8807e
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-149091
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16899
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-16899
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: adc0b208-c1cc-43a8-8720-708747a8807e // CNVD: CNVD-2019-41700 // VULHUB: VHN-149091 // JVNDB: JVNDB-2019-009703 // CNNVD: CNNVD-201909-1226 // NVD: CVE-2019-16899

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-149091 // JVNDB: JVNDB-2019-009703 // NVD: CVE-2019-16899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1226

TYPE

Buffer error

Trust: 0.8

sources: IVD: adc0b208-c1cc-43a8-8720-708747a8807e // CNNVD: CNNVD-201909-1226

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009703

PATCH

title: Advantech WebAccess/HMI, url: https://www.advantech.com/industrial-automation/webaccess/webaccesshmi

Trust: 0.8

sources: JVNDB: JVNDB-2019-009703

EXTERNAL IDS

db: NVD, id: CVE-2019-16899

Trust: 3.3

db: CNNVD, id: CNNVD-201909-1226

Trust: 0.9

db: CNVD, id: CNVD-2019-41700

Trust: 0.8

db: JVNDB, id: JVNDB-2019-009703

Trust: 0.8

db: IVD, id: ADC0B208-C1CC-43A8-8720-708747A8807E

Trust: 0.2

db: VULHUB, id: VHN-149091

Trust: 0.1

sources: IVD: adc0b208-c1cc-43a8-8720-708747a8807e // CNVD: CNVD-2019-41700 // VULHUB: VHN-149091 // JVNDB: JVNDB-2019-009703 // CNNVD: CNNVD-201909-1226 // NVD: CVE-2019-16899

REFERENCES

url: http://code610.blogspot.com/2019/09/crashing-webaccesshmi-designer-21931.html

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-16899

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16899

Trust: 0.8

sources: CNVD: CNVD-2019-41700 // VULHUB: VHN-149091 // JVNDB: JVNDB-2019-009703 // CNNVD: CNNVD-201909-1226 // NVD: CVE-2019-16899

SOURCES

db: IVD, id: adc0b208-c1cc-43a8-8720-708747a8807e
db: CNVD, id: CNVD-2019-41700
db: VULHUB, id: VHN-149091
db: JVNDB, id: JVNDB-2019-009703
db: CNNVD, id: CNNVD-201909-1226
db: NVD, id: CVE-2019-16899

LAST UPDATE DATE

2024-11-23T22:41:20.462000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-41700, date: 2019-11-21T00:00:00
db: VULHUB, id: VHN-149091, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-009703, date: 2019-09-27T00:00:00
db: CNNVD, id: CNNVD-201909-1226, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-16899, date: 2024-11-21T04:31:18.047

SOURCES RELEASE DATE

db: IVD, id: adc0b208-c1cc-43a8-8720-708747a8807e, date: 2019-11-21T00:00:00
db: CNVD, id: CNVD-2019-41700, date: 2019-11-21T00:00:00
db: VULHUB, id: VHN-149091, date: 2019-09-26T00:00:00
db: JVNDB, id: JVNDB-2019-009703, date: 2019-09-27T00:00:00
db: CNNVD, id: CNNVD-201909-1226, date: 2019-09-25T00:00:00
db: NVD, id: CVE-2019-16899, date: 2019-09-26T01:15:11.230