ID

VAR-201909-0894


CVE

CVE-2019-16900


TITLE

Advantech WebAccess/HMI Designer Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-009702 // CNNVD: CNNVD-201909-1227

DESCRIPTION

Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. Advantech WebAccess/HMI Designer contains a buffer error vulnerability that may result in a service operation interruption (DoS). Advantech WebAccess HMI Designer is a human machine interface (HMI) runtime development software. An attacker could exploit the vulnerability to cause a denial of service. The product has functions such as data transmission, menu editing and text editing. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations.

Trust: 2.43

sources: NVD: CVE-2019-16900 // JVNDB: JVNDB-2019-009702 // CNVD: CNVD-2019-41699 // IVD: 48149412-a680-47a7-bb82-8f2c80712997 // VULHUB: VHN-149093

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 48149412-a680-47a7-bb82-8f2c80712997 // CNVD: CNVD-2019-41699

AFFECTED PRODUCTS

vendor: advantech, model: webaccess/hmi designer, scope: eq, version: 2.1.9.31

Trust: 1.0

vendor: advantech, model: webaccess/hmi, scope: eq, version: 2.1.9.31

Trust: 0.8

vendor: advantech, model: webaccess hmi designer, scope: eq, version: 2.1.9.31

Trust: 0.6

vendor: webaccess hmi designer, model: -, scope: eq, version: 2.1.9.31

Trust: 0.2

sources: IVD: 48149412-a680-47a7-bb82-8f2c80712997 // CNVD: CNVD-2019-41699 // JVNDB: JVNDB-2019-009702 // NVD: CVE-2019-16900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16900
value: HIGH

Trust: 1.0

NVD: CVE-2019-16900
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-41699
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-1227
value: HIGH

Trust: 0.6

IVD: 48149412-a680-47a7-bb82-8f2c80712997
value: HIGH

Trust: 0.2

VULHUB: VHN-149093
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-16900
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41699
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 48149412-a680-47a7-bb82-8f2c80712997
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-149093
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16900
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-16900
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 48149412-a680-47a7-bb82-8f2c80712997 // CNVD: CNVD-2019-41699 // VULHUB: VHN-149093 // JVNDB: JVNDB-2019-009702 // CNNVD: CNNVD-201909-1227 // NVD: CVE-2019-16900

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-119

Trust: 0.9

sources: VULHUB: VHN-149093 // JVNDB: JVNDB-2019-009702 // NVD: CVE-2019-16900

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1227

TYPE

Buffer error

Trust: 0.8

sources: IVD: 48149412-a680-47a7-bb82-8f2c80712997 // CNNVD: CNNVD-201909-1227

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009702

PATCH

title: Advantech WebAccess/HMI, url: https://www.advantech.com/industrial-automation/webaccess/webaccesshmi

Trust: 0.8

sources: JVNDB: JVNDB-2019-009702

EXTERNAL IDS

db: NVD, id: CVE-2019-16900

Trust: 3.3

db: CNNVD, id: CNNVD-201909-1227

Trust: 0.9

db: CNVD, id: CNVD-2019-41699

Trust: 0.8

db: JVNDB, id: JVNDB-2019-009702

Trust: 0.8

db: IVD, id: 48149412-A680-47A7-BB82-8F2C80712997

Trust: 0.2

db: VULHUB, id: VHN-149093

Trust: 0.1

sources: IVD: 48149412-a680-47a7-bb82-8f2c80712997 // CNVD: CNVD-2019-41699 // VULHUB: VHN-149093 // JVNDB: JVNDB-2019-009702 // CNNVD: CNNVD-201909-1227 // NVD: CVE-2019-16900

REFERENCES

url: http://code610.blogspot.com/2019/09/crashing-webaccesshmi-designer-21931.html

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-16900

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16900

Trust: 0.8

sources: CNVD: CNVD-2019-41699 // VULHUB: VHN-149093 // JVNDB: JVNDB-2019-009702 // CNNVD: CNNVD-201909-1227 // NVD: CVE-2019-16900

SOURCES

db: IVD, id: 48149412-a680-47a7-bb82-8f2c80712997
db: CNVD, id: CNVD-2019-41699
db: VULHUB, id: VHN-149093
db: JVNDB, id: JVNDB-2019-009702
db: CNNVD, id: CNNVD-201909-1227
db: NVD, id: CVE-2019-16900

LAST UPDATE DATE

2024-11-23T22:58:31.224000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-41699, date: 2019-11-21T00:00:00
db: VULHUB, id: VHN-149093, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-009702, date: 2019-09-27T00:00:00
db: CNNVD, id: CNNVD-201909-1227, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-16900, date: 2024-11-21T04:31:18.190

SOURCES RELEASE DATE

db: IVD, id: 48149412-a680-47a7-bb82-8f2c80712997, date: 2019-11-21T00:00:00
db: CNVD, id: CNVD-2019-41699, date: 2019-11-21T00:00:00
db: VULHUB, id: VHN-149093, date: 2019-09-26T00:00:00
db: JVNDB, id: JVNDB-2019-009702, date: 2019-09-27T00:00:00
db: CNNVD, id: CNNVD-201909-1227, date: 2019-09-25T00:00:00
db: NVD, id: CVE-2019-16900, date: 2019-09-26T01:15:11.307