Sign-up

ID

VAR-201912-1868


TITLE

Advantech WebAccess 8.4.2 has arbitrary file deletion vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-43636

DESCRIPTION

Advantech WebAccess is a set of HMI / SCADA software based on browser architecture by Advantech. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess 8.4.2 has an arbitrary file deletion vulnerability. An attacker can use this vulnerability to delete arbitrary files on the target host

Trust: 0.72

sources: CNVD: CNVD-2019-43636 // IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e // CNVD: CNVD-2019-43636

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessnodescope:eqversion:v8.4.2

Trust: 0.8

sources: IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e // CNVD: CNVD-2019-43636

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-43636
value: MEDIUM

Trust: 0.6

IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2019-43636
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e // CNVD: CNVD-2019-43636

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e

PATCH

title:Advantech WebAccess 8.4.2 has arbitrary file deletion vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/189697

Trust: 0.6

sources: CNVD: CNVD-2019-43636

EXTERNAL IDS

db:CNVDid:CNVD-2019-43636

Trust: 0.8

db:IVDid:3304B8F2-3785-43F0-85CE-4ACF2FFC579E

Trust: 0.2

sources: IVD: 3304b8f2-3785-43f0-85ce-4acf2ffc579e // CNVD: CNVD-2019-43636

SOURCES

db:IVDid:3304b8f2-3785-43f0-85ce-4acf2ffc579e
db:CNVDid:CNVD-2019-43636

LAST UPDATE DATE

2022-05-17T02:03:10.968000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-43636date:2019-12-10T00:00:00

SOURCES RELEASE DATE

db:IVDid:3304b8f2-3785-43f0-85ce-4acf2ffc579edate:2019-12-03T00:00:00
db:CNVDid:CNVD-2019-43636date:2019-12-14T00:00:00