15 vulnerabilities found for wise-paas\/rmm by advantech
VAR-201910-0898
Vulnerability from variot - Updated: 2024-11-23 22:11
Advantech WISE-PaaS/RMM, versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. Advantech WISE-PaaS/RMM contains an XML external entity vulnerability; information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech WISE-PaaS/RMM is a remote monitoring and management platform for IoT devices from Advantech in Taiwan, China. The platform supports cloud-based centralized remote monitoring and management of the hardware and software status of IPCs and IoT devices, and supports remote power on/off and scheduling, data collection, and storage. A code issue vulnerability exists in Advantech WISE-PaaS/RMM 3.3.29 and earlier. The vulnerability originates from improper design or implementation during code development of a network system or product.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "wise-paas/rmm",
"scope": null,
"trust": 7.7,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "wise-paas\\/rmm",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "3.3.29"
},
{
"_id": null,
"model": "wise-paas/rmm",
"scope": "lte",
"trust": 0.8,
"vendor": "advantech",
"version": "3.3.29"
},
{
"_id": null,
"model": "wise-paas/rmm",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=3.3.29"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-959"
},
{
"db": "ZDI",
"id": "ZDI-19-946"
},
{
"db": "ZDI",
"id": "ZDI-19-936"
},
{
"db": "ZDI",
"id": "ZDI-19-942"
},
{
"db": "ZDI",
"id": "ZDI-19-953"
},
{
"db": "ZDI",
"id": "ZDI-19-943"
},
{
"db": "ZDI",
"id": "ZDI-19-947"
},
{
"db": "ZDI",
"id": "ZDI-19-939"
},
{
"db": "ZDI",
"id": "ZDI-19-954"
},
{
"db": "ZDI",
"id": "ZDI-19-945"
},
{
"db": "ZDI",
"id": "ZDI-19-944"
},
{
"db": "CNVD",
"id": "CNVD-2019-43383"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
},
{
"db": "NVD",
"id": "CVE-2019-18227"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:wise-pass%2frmm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-946"
},
{
"db": "ZDI",
"id": "ZDI-19-953"
},
{
"db": "ZDI",
"id": "ZDI-19-947"
},
{
"db": "ZDI",
"id": "ZDI-19-954"
},
{
"db": "ZDI",
"id": "ZDI-19-945"
},
{
"db": "ZDI",
"id": "ZDI-19-944"
}
],
"trust": 4.2
},
"cve": "CVE-2019-18227",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18227",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-43383",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-150552",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18227",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 7.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18227",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18227",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-18227",
"trust": 7.7,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18227",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-18227",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-43383",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1922",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-150552",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-959"
},
{
"db": "ZDI",
"id": "ZDI-19-946"
},
{
"db": "ZDI",
"id": "ZDI-19-936"
},
{
"db": "ZDI",
"id": "ZDI-19-942"
},
{
"db": "ZDI",
"id": "ZDI-19-953"
},
{
"db": "ZDI",
"id": "ZDI-19-943"
},
{
"db": "ZDI",
"id": "ZDI-19-947"
},
{
"db": "ZDI",
"id": "ZDI-19-939"
},
{
"db": "ZDI",
"id": "ZDI-19-954"
},
{
"db": "ZDI",
"id": "ZDI-19-945"
},
{
"db": "ZDI",
"id": "ZDI-19-944"
},
{
"db": "CNVD",
"id": "CNVD-2019-43383"
},
{
"db": "VULHUB",
"id": "VHN-150552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1922"
},
{
"db": "NVD",
"id": "CVE-2019-18227"
}
]
},
"description": {
"_id": null,
"data": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. Advantech WISE-PaaS/RMM Is XML An external entity vulnerability exists.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability.The specific flaw exists within the RecoveryMgmt class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech WISE-PaaS / RMM is a set of remote monitoring and management platform for IoT devices from Advantech in Taiwan, China. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on / off and scheduling, data collection, and storage. \nA code issue vulnerability exists in Advantech WISE-PaaS / RMM 3.3.29 and earlier. The vulnerability originates from improper design or implementation during code development of a network system or product",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18227"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
},
{
"db": "ZDI",
"id": "ZDI-19-959"
},
{
"db": "ZDI",
"id": "ZDI-19-946"
},
{
"db": "ZDI",
"id": "ZDI-19-936"
},
{
"db": "ZDI",
"id": "ZDI-19-942"
},
{
"db": "ZDI",
"id": "ZDI-19-953"
},
{
"db": "ZDI",
"id": "ZDI-19-943"
},
{
"db": "ZDI",
"id": "ZDI-19-947"
},
{
"db": "ZDI",
"id": "ZDI-19-939"
},
{
"db": "ZDI",
"id": "ZDI-19-954"
},
{
"db": "ZDI",
"id": "ZDI-19-945"
},
{
"db": "ZDI",
"id": "ZDI-19-944"
},
{
"db": "CNVD",
"id": "CNVD-2019-43383"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1922"
},
{
"db": "VULHUB",
"id": "VHN-150552"
}
],
"trust": 9.72
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-18227",
"trust": 10.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-304-01",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-19-959",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-946",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-936",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-942",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-953",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-943",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-947",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-939",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-954",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-945",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-944",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9229",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9096",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9232",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9230",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9097",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9231",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9095",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9213",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9098",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9086",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9094",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1922",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-43383",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4067",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-150552",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-959"
},
{
"db": "ZDI",
"id": "ZDI-19-946"
},
{
"db": "ZDI",
"id": "ZDI-19-936"
},
{
"db": "ZDI",
"id": "ZDI-19-942"
},
{
"db": "ZDI",
"id": "ZDI-19-953"
},
{
"db": "ZDI",
"id": "ZDI-19-943"
},
{
"db": "ZDI",
"id": "ZDI-19-947"
},
{
"db": "ZDI",
"id": "ZDI-19-939"
},
{
"db": "ZDI",
"id": "ZDI-19-954"
},
{
"db": "ZDI",
"id": "ZDI-19-945"
},
{
"db": "ZDI",
"id": "ZDI-19-944"
},
{
"db": "CNVD",
"id": "CNVD-2019-43383"
},
{
"db": "VULHUB",
"id": "VHN-150552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1922"
},
{
"db": "NVD",
"id": "CVE-2019-18227"
}
]
},
"id": "VAR-201910-0898",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43383"
},
{
"db": "VULHUB",
"id": "VHN-150552"
}
],
"trust": 1.25714285
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43383"
}
]
},
"last_update_date": "2024-11-23T22:11:47.597000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 7.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"title": "WISE-PaaS/RMM",
"trust": 0.8,
"url": "https://www.advantech.com/products/550836fd-a062-4780-8416-3b742bc7fb16/wise-paas-rmm/mod_8a1ba47e-d09f-4847-b478-42372eea29d1"
},
{
"title": "Patch for Advantech WISE-PaaS / RMM XML External Entity Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/192663"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-959"
},
{
"db": "ZDI",
"id": "ZDI-19-946"
},
{
"db": "ZDI",
"id": "ZDI-19-936"
},
{
"db": "ZDI",
"id": "ZDI-19-942"
},
{
"db": "ZDI",
"id": "ZDI-19-953"
},
{
"db": "ZDI",
"id": "ZDI-19-943"
},
{
"db": "ZDI",
"id": "ZDI-19-947"
},
{
"db": "ZDI",
"id": "ZDI-19-939"
},
{
"db": "ZDI",
"id": "ZDI-19-954"
},
{
"db": "ZDI",
"id": "ZDI-19-945"
},
{
"db": "ZDI",
"id": "ZDI-19-944"
},
{
"db": "CNVD",
"id": "CNVD-2019-43383"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
},
{
"db": "NVD",
"id": "CVE-2019-18227"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 10.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-959/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-936/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-939/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-942/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-943/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-944/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-945/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-946/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-947/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-953/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-954/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18227"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18227"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4067/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-959"
},
{
"db": "ZDI",
"id": "ZDI-19-946"
},
{
"db": "ZDI",
"id": "ZDI-19-936"
},
{
"db": "ZDI",
"id": "ZDI-19-942"
},
{
"db": "ZDI",
"id": "ZDI-19-953"
},
{
"db": "ZDI",
"id": "ZDI-19-943"
},
{
"db": "ZDI",
"id": "ZDI-19-947"
},
{
"db": "ZDI",
"id": "ZDI-19-939"
},
{
"db": "ZDI",
"id": "ZDI-19-954"
},
{
"db": "ZDI",
"id": "ZDI-19-945"
},
{
"db": "ZDI",
"id": "ZDI-19-944"
},
{
"db": "CNVD",
"id": "CNVD-2019-43383"
},
{
"db": "VULHUB",
"id": "VHN-150552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1922"
},
{
"db": "NVD",
"id": "CVE-2019-18227"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-959",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-946",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-936",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-942",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-953",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-943",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-947",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-939",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-954",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-945",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-944",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-43383",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-150552",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011401",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1922",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-18227",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-959",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-946",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-936",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-942",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-953",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-943",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-947",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-939",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-954",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-945",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-944",
"ident": null
},
{
"date": "2019-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43383",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-150552",
"ident": null
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011401",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1922",
"ident": null
},
{
"date": "2019-10-31T22:15:10.863000",
"db": "NVD",
"id": "CVE-2019-18227",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-959",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-946",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-936",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-942",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-953",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-943",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-947",
"ident": null
},
{
"date": "2019-11-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-939",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-954",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-945",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-944",
"ident": null
},
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43383",
"ident": null
},
{
"date": "2019-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-150552",
"ident": null
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011401",
"ident": null
},
{
"date": "2019-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1922",
"ident": null
},
{
"date": "2024-11-21T04:32:52.770000",
"db": "NVD",
"id": "CVE-2019-18227",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1922"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WISE-PaaS/RMM In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011401"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1922"
}
],
"trust": 0.6
}
}
VAR-201910-1186
Vulnerability from variot - Updated: 2024-11-23 22:11
Advantech WISE-PaaS/RMM, versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. Advantech WISE-PaaS/RMM is vulnerable to a lack of authentication; information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NodeRed Server, which listens on TCP port 1880 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Advantech WISE-PaaS/RMM has an unauthorized access vulnerability. Advantech WISE-PaaS/RMM is a remote monitoring and management platform for IoT devices from Advantech in Taiwan, China. The platform supports cloud-based centralized remote monitoring and management of the hardware and software status of IPCs and IoT devices, and supports remote power on/off and scheduling, data collection, and storage. There are security vulnerabilities in Advantech WISE-PaaS/RMM 3.3.29 and earlier.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wise-paas\\/rmm",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "3.3.29"
},
{
"model": "wise-paas/rmm",
"scope": "lte",
"trust": 0.8,
"vendor": "advantech",
"version": "3.3.29"
},
{
"model": "wise-paas/rmm",
"scope": null,
"trust": 0.7,
"vendor": "advantech",
"version": null
},
{
"model": "wise-paas/rmm",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "3.3.29"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:wise-pass%2frmm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod of 9sg",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
}
],
"trust": 1.3
},
"cve": "CVE-2019-13547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13547",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-43385",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-145404",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13547",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13547",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13547",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13547",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-13547",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2019-13547",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-43385",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1916",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-145404",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "VULHUB",
"id": "VHN-145404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
},
{
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. Advantech WISE-PaaS/RMM Is vulnerable to a lack of authentication.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NodeRed Server, which listens on TCP port 1880 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. \n\nAdvantech WISE-PaaS / RMM has an unauthorized access vulnerability. Advantech WISE-PaaS / RMM is a set of remote monitoring and management platform for IoT devices from Advantech in Taiwan, China. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on / off and scheduling, data collection, and storage. \nThere are security vulnerabilities in Advantech WISE-PaaS / RMM 3.3.29 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13547"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
},
{
"db": "VULHUB",
"id": "VHN-145404"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13547",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-304-01",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-19-960",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8891",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1916",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-43385",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4067",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145404",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "VULHUB",
"id": "VHN-145404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
},
{
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"id": "VAR-201910-1186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "VULHUB",
"id": "VHN-145404"
}
],
"trust": 1.25714285
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43385"
}
]
},
"last_update_date": "2024-11-23T22:11:47.555000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WISE-PaaS/RMM",
"trust": 0.8,
"url": "https://www.advantech.com/products/550836fd-a062-4780-8416-3b742bc7fb16/wise-paas-rmm/mod_8a1ba47e-d09f-4847-b478-42372eea29d1"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"title": "Patch for Advantech WISE-PaaS / RMM Unauthorized Access Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/192659"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.9
},
{
"problemtype": "CWE-306",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-960/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13547"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13547"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4067/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "VULHUB",
"id": "VHN-145404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
},
{
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"db": "VULHUB",
"id": "VHN-145404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
},
{
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"date": "2019-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-145404"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1916"
},
{
"date": "2019-10-31T21:15:12.887000",
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-960"
},
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43385"
},
{
"date": "2020-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-145404"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011530"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1916"
},
{
"date": "2024-11-21T04:25:07.327000",
"db": "NVD",
"id": "CVE-2019-13547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WISE-PaaS/RMM Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011530"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1916"
}
],
"trust": 0.6
}
}
VAR-201910-1188
Vulnerability from variot - Updated: 2024-11-23 22:11

Advantech WISE-PaaS/RMM, versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. Advantech WISE-PaaS/RMM contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMSWatchDog service, which listens on TCP port 81 by default. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech WISE-PaaS/RMM is a remote monitoring and management platform for IoT devices from Advantech in Taiwan, China. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on/off and scheduling, data collection, and storage. A path traversal vulnerability exists in Advantech WISE-PaaS/RMM 3.3.29 and earlier versions. (This description is aggregated from the several source advisories listed in the record below, which is why the stated impact differs between sentences and the record's CVSS base scores range from 7.5 to 10.0.)
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "wise-paas/rmm",
"scope": null,
"trust": 2.8,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "wise-paas\\/rmm",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "3.3.29"
},
{
"_id": null,
"model": "wise-paas/rmm",
"scope": "lte",
"trust": 0.8,
"vendor": "advantech",
"version": "3.3.29"
},
{
"_id": null,
"model": "wise-paas/rmm",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=3.3.29"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-958"
},
{
"db": "ZDI",
"id": "ZDI-19-935"
},
{
"db": "ZDI",
"id": "ZDI-19-941"
},
{
"db": "ZDI",
"id": "ZDI-19-950"
},
{
"db": "CNVD",
"id": "CNVD-2019-43382"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
},
{
"db": "NVD",
"id": "CVE-2019-13551"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:wise-pass%2frmm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
}
]
},
"credits": {
"_id": null,
"data": "rgod of 9sg",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-958"
},
{
"db": "ZDI",
"id": "ZDI-19-935"
},
{
"db": "ZDI",
"id": "ZDI-19-941"
},
{
"db": "ZDI",
"id": "ZDI-19-950"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
}
],
"trust": 3.4
},
"cve": "CVE-2019-13551",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13551",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-43382",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-145409",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13551",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13551",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13551",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13551",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-13551",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-13551",
"trust": 1.4,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2019-13551",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13551",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-13551",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-43382",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1917",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-145409",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-958"
},
{
"db": "ZDI",
"id": "ZDI-19-935"
},
{
"db": "ZDI",
"id": "ZDI-19-941"
},
{
"db": "ZDI",
"id": "ZDI-19-950"
},
{
"db": "CNVD",
"id": "CNVD-2019-43382"
},
{
"db": "VULHUB",
"id": "VHN-145409"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
},
{
"db": "NVD",
"id": "CVE-2019-13551"
}
]
},
"description": {
"_id": null,
"data": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. Advantech WISE-PaaS/RMM Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PasS/RMM. Authentication is not required to exploit this vulnerability.The specific flaw exists within the RMSWatchDog service, which listens on TCP port 81 by default. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech WISE-PaaS / RMM is a set of remote monitoring and management platform for IoT devices from Advantech in Taiwan, China. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on / off and scheduling, data collection, and storage. \nA path traversal vulnerability exists in Advantech WISE-PaaS / RMM 3.3.29 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13551"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
},
{
"db": "ZDI",
"id": "ZDI-19-958"
},
{
"db": "ZDI",
"id": "ZDI-19-935"
},
{
"db": "ZDI",
"id": "ZDI-19-941"
},
{
"db": "ZDI",
"id": "ZDI-19-950"
},
{
"db": "CNVD",
"id": "CNVD-2019-43382"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
},
{
"db": "VULHUB",
"id": "VHN-145409"
}
],
"trust": 5.31
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-13551",
"trust": 5.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-304-01",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-19-958",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-935",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-941",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-950",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9101",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8892",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9226",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9173",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-43382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4067",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145409",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-958"
},
{
"db": "ZDI",
"id": "ZDI-19-935"
},
{
"db": "ZDI",
"id": "ZDI-19-941"
},
{
"db": "ZDI",
"id": "ZDI-19-950"
},
{
"db": "CNVD",
"id": "CNVD-2019-43382"
},
{
"db": "VULHUB",
"id": "VHN-145409"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
},
{
"db": "NVD",
"id": "CVE-2019-13551"
}
]
},
"id": "VAR-201910-1188",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43382"
},
{
"db": "VULHUB",
"id": "VHN-145409"
}
],
"trust": 1.25714285
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43382"
}
]
},
"last_update_date": "2024-11-23T22:11:47.505000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 2.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"title": "WISE-PaaS/RMM",
"trust": 0.8,
"url": "https://www.advantech.com/products/550836fd-a062-4780-8416-3b742bc7fb16/wise-paas-rmm/mod_8a1ba47e-d09f-4847-b478-42372eea29d1"
},
{
"title": "Patch for Advantech WISE-PaaS / RMM Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/192665"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-958"
},
{
"db": "ZDI",
"id": "ZDI-19-935"
},
{
"db": "ZDI",
"id": "ZDI-19-941"
},
{
"db": "ZDI",
"id": "ZDI-19-950"
},
{
"db": "CNVD",
"id": "CNVD-2019-43382"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145409"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
},
{
"db": "NVD",
"id": "CVE-2019-13551"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 5.9,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-958/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-935/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-941/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-950/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13551"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13551"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4067/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-958"
},
{
"db": "ZDI",
"id": "ZDI-19-935"
},
{
"db": "ZDI",
"id": "ZDI-19-941"
},
{
"db": "ZDI",
"id": "ZDI-19-950"
},
{
"db": "CNVD",
"id": "CNVD-2019-43382"
},
{
"db": "VULHUB",
"id": "VHN-145409"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
},
{
"db": "NVD",
"id": "CVE-2019-13551"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-958",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-935",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-941",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-950",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-43382",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-145409",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011529",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-13551",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-958",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-935",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-941",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-950",
"ident": null
},
{
"date": "2019-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43382",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-145409",
"ident": null
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011529",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1917",
"ident": null
},
{
"date": "2019-10-31T21:15:12.997000",
"db": "NVD",
"id": "CVE-2019-13551",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-958",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-935",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-941",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-950",
"ident": null
},
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43382",
"ident": null
},
{
"date": "2019-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-145409",
"ident": null
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011529",
"ident": null
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1917",
"ident": null
},
{
"date": "2024-11-21T04:25:07.857000",
"db": "NVD",
"id": "CVE-2019-13551",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WISE-PaaS/RMM Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011529"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1917"
}
],
"trust": 0.6
}
}
VAR-201910-0900
Vulnerability from variot - Updated: 2024-11-23 22:11

Advantech WISE-PaaS/RMM, versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. Advantech WISE-PaaS/RMM contains an SQL injection vulnerability. Information may be obtained. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt class. Advantech WISE-PaaS/RMM is a remote monitoring and management platform for Internet of Things equipment from Advantech in Taiwan. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on/off and scheduling, data collection and storage.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "wise-paas/rmm",
"scope": null,
"trust": 7.0,
"vendor": "advantech",
"version": null
},
{
"_id": null,
"model": "wise-paas\\/rmm",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "3.3.29"
},
{
"_id": null,
"model": "wise-paas/rmm",
"scope": "lte",
"trust": 0.8,
"vendor": "advantech",
"version": "3.3.29"
},
{
"_id": null,
"model": "wise-paas/rmm",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=3.3.29"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-937"
},
{
"db": "ZDI",
"id": "ZDI-19-956"
},
{
"db": "ZDI",
"id": "ZDI-19-948"
},
{
"db": "ZDI",
"id": "ZDI-19-957"
},
{
"db": "ZDI",
"id": "ZDI-19-949"
},
{
"db": "ZDI",
"id": "ZDI-19-952"
},
{
"db": "ZDI",
"id": "ZDI-19-938"
},
{
"db": "ZDI",
"id": "ZDI-19-940"
},
{
"db": "ZDI",
"id": "ZDI-19-955"
},
{
"db": "ZDI",
"id": "ZDI-19-951"
},
{
"db": "CNVD",
"id": "CNVD-2019-43384"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
},
{
"db": "NVD",
"id": "CVE-2019-18229"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:wise-pass%2frmm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
}
]
},
"credits": {
"_id": null,
"data": "rgod of 9sg",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-937"
},
{
"db": "ZDI",
"id": "ZDI-19-956"
},
{
"db": "ZDI",
"id": "ZDI-19-948"
},
{
"db": "ZDI",
"id": "ZDI-19-957"
},
{
"db": "ZDI",
"id": "ZDI-19-949"
},
{
"db": "ZDI",
"id": "ZDI-19-952"
},
{
"db": "ZDI",
"id": "ZDI-19-938"
},
{
"db": "ZDI",
"id": "ZDI-19-940"
},
{
"db": "ZDI",
"id": "ZDI-19-955"
},
{
"db": "ZDI",
"id": "ZDI-19-951"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1921"
}
],
"trust": 7.6
},
"cve": "CVE-2019-18229",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-18229",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-43384",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-150554",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-18229",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 6.3,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-18229",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18229",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-18229",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-18229",
"trust": 7.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18229",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-18229",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-43384",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1921",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-150554",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-937"
},
{
"db": "ZDI",
"id": "ZDI-19-956"
},
{
"db": "ZDI",
"id": "ZDI-19-948"
},
{
"db": "ZDI",
"id": "ZDI-19-957"
},
{
"db": "ZDI",
"id": "ZDI-19-949"
},
{
"db": "ZDI",
"id": "ZDI-19-952"
},
{
"db": "ZDI",
"id": "ZDI-19-938"
},
{
"db": "ZDI",
"id": "ZDI-19-940"
},
{
"db": "ZDI",
"id": "ZDI-19-955"
},
{
"db": "ZDI",
"id": "ZDI-19-951"
},
{
"db": "CNVD",
"id": "CNVD-2019-43384"
},
{
"db": "VULHUB",
"id": "VHN-150554"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1921"
},
{
"db": "NVD",
"id": "CVE-2019-18229"
}
]
},
"description": {
"_id": null,
"data": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. Advantech WISE-PaaS/RMM Is SQL An injection vulnerability exists.Information may be obtained. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the SQLMgmt class. Advantech WISE-PaaS/RMM is a set of remote monitoring and management platform for Internet of Things equipment of Advantech in Taiwan. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on/off and scheduling, data collection and storage",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18229"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
},
{
"db": "ZDI",
"id": "ZDI-19-937"
},
{
"db": "ZDI",
"id": "ZDI-19-956"
},
{
"db": "ZDI",
"id": "ZDI-19-948"
},
{
"db": "ZDI",
"id": "ZDI-19-957"
},
{
"db": "ZDI",
"id": "ZDI-19-949"
},
{
"db": "ZDI",
"id": "ZDI-19-952"
},
{
"db": "ZDI",
"id": "ZDI-19-938"
},
{
"db": "ZDI",
"id": "ZDI-19-940"
},
{
"db": "ZDI",
"id": "ZDI-19-955"
},
{
"db": "ZDI",
"id": "ZDI-19-951"
},
{
"db": "CNVD",
"id": "CNVD-2019-43384"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1921"
},
{
"db": "VULHUB",
"id": "VHN-150554"
}
],
"trust": 9.09
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-18229",
"trust": 10.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-304-01",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-19-937",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-956",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-948",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-957",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-949",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-952",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-938",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-940",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-955",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-951",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9148",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9144",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9177",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9145",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9174",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9146",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9191",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9190",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9143",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9147",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1921",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-43384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4067",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-150554",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-937"
},
{
"db": "ZDI",
"id": "ZDI-19-956"
},
{
"db": "ZDI",
"id": "ZDI-19-948"
},
{
"db": "ZDI",
"id": "ZDI-19-957"
},
{
"db": "ZDI",
"id": "ZDI-19-949"
},
{
"db": "ZDI",
"id": "ZDI-19-952"
},
{
"db": "ZDI",
"id": "ZDI-19-938"
},
{
"db": "ZDI",
"id": "ZDI-19-940"
},
{
"db": "ZDI",
"id": "ZDI-19-955"
},
{
"db": "ZDI",
"id": "ZDI-19-951"
},
{
"db": "CNVD",
"id": "CNVD-2019-43384"
},
{
"db": "VULHUB",
"id": "VHN-150554"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1921"
},
{
"db": "NVD",
"id": "CVE-2019-18229"
}
]
},
"id": "VAR-201910-0900",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43384"
},
{
"db": "VULHUB",
"id": "VHN-150554"
}
],
"trust": 1.25714285
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43384"
}
]
},
"last_update_date": "2024-11-23T22:11:47.423000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 7.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"title": "WISE-PaaS/RMM",
"trust": 0.8,
"url": "https://www.advantech.com/products/550836fd-a062-4780-8416-3b742bc7fb16/wise-paas-rmm/mod_8a1ba47e-d09f-4847-b478-42372eea29d1"
},
{
"title": "Patch for Advantech WISE-PaaS / RMM SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/192661"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-937"
},
{
"db": "ZDI",
"id": "ZDI-19-956"
},
{
"db": "ZDI",
"id": "ZDI-19-948"
},
{
"db": "ZDI",
"id": "ZDI-19-957"
},
{
"db": "ZDI",
"id": "ZDI-19-949"
},
{
"db": "ZDI",
"id": "ZDI-19-952"
},
{
"db": "ZDI",
"id": "ZDI-19-938"
},
{
"db": "ZDI",
"id": "ZDI-19-940"
},
{
"db": "ZDI",
"id": "ZDI-19-955"
},
{
"db": "ZDI",
"id": "ZDI-19-951"
},
{
"db": "CNVD",
"id": "CNVD-2019-43384"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150554"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
},
{
"db": "NVD",
"id": "CVE-2019-18229"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 10.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-957/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-937/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-938/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-940/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-948/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-949/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-951/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-952/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-955/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-956/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18229"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4067/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-937"
},
{
"db": "ZDI",
"id": "ZDI-19-956"
},
{
"db": "ZDI",
"id": "ZDI-19-948"
},
{
"db": "ZDI",
"id": "ZDI-19-957"
},
{
"db": "ZDI",
"id": "ZDI-19-949"
},
{
"db": "ZDI",
"id": "ZDI-19-952"
},
{
"db": "ZDI",
"id": "ZDI-19-938"
},
{
"db": "ZDI",
"id": "ZDI-19-940"
},
{
"db": "ZDI",
"id": "ZDI-19-955"
},
{
"db": "ZDI",
"id": "ZDI-19-951"
},
{
"db": "CNVD",
"id": "CNVD-2019-43384"
},
{
"db": "VULHUB",
"id": "VHN-150554"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1921"
},
{
"db": "NVD",
"id": "CVE-2019-18229"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-937",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-956",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-948",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-957",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-949",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-952",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-938",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-940",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-955",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-951",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-43384",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-150554",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011477",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1921",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-18229",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-937",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-956",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-948",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-957",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-949",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-952",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-938",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-940",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-955",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-951",
"ident": null
},
{
"date": "2019-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43384",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-150554",
"ident": null
},
{
"date": "2019-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011477",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1921",
"ident": null
},
{
"date": "2019-10-31T22:15:11.020000",
"db": "NVD",
"id": "CVE-2019-18229",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-937",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-956",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-948",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-957",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-949",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-952",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-938",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-940",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-955",
"ident": null
},
{
"date": "2019-11-01T00:00:00",
"db": "ZDI",
"id": "ZDI-19-951",
"ident": null
},
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43384",
"ident": null
},
{
"date": "2019-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-150554",
"ident": null
},
{
"date": "2019-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011477",
"ident": null
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1921",
"ident": null
},
{
"date": "2024-11-21T04:32:53.037000",
"db": "NVD",
"id": "CVE-2019-18229",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1921"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Advantech WISE-PaaS/RMM In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011477"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1921"
}
],
"trust": 0.6
}
}
VAR-202105-0680
Vulnerability from variot - Updated: 2024-08-14 12:45

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). WISE-PaaS/RMM is an IoT software platform service provided by Advantech. [Note: the next two sentences do not match the hard-coded-credential flaw described above and appear to have been carried over from another aggregated source entry.] Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech WISE-PaaS/RMM is a remote monitoring and management platform for Internet of Things equipment from Advantech in Taiwan. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on/off and scheduling, data collection and storage.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0680",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wise-paas\\/rmm",
"scope": "lt",
"trust": 1.0,
"vendor": "advantech",
"version": "9.0.1"
},
{
"model": "wise-paas/rmm",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wise-paas/rmm",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "9.0.1 earlier versions"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"cve": "CVE-2021-27437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27437",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-386704",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27437",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-001385",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27437",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2021-001385",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-088",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-386704",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-27437",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386704"
},
{
"db": "VULMON",
"id": "CVE-2021-27437"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-088"
},
{
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). Advantech Provided by the company WISE-PaaS/RMM Is IoT Software platform service. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech WISE-PaaS/RMM is a set of remote monitoring and management platform for Internet of Things equipment of Advantech in Taiwan. The platform supports cloud-based centralized remote IPC, IoT device hardware and software status monitoring and management, and supports remote power on/off and scheduling, data collection and storage",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27437"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-088"
},
{
"db": "VULHUB",
"id": "VHN-386704"
},
{
"db": "VULMON",
"id": "CVE-2021-27437"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-21-124-01",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2021-27437",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU91947410",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1527",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050504",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-088",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-386704",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-27437",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386704"
},
{
"db": "VULMON",
"id": "CVE-2021-27437"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-088"
},
{
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"id": "VAR-202105-0680",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-386704"
}
],
"trust": 0.65714285
},
"last_update_date": "2024-08-14T12:45:52.365000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Resource\u00a0Download",
"trust": 0.8,
"url": "https://select.advantech.com/deviceon/#ResourceDownload"
},
{
"title": "Advantech WISE-PaaS/RMM Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151197"
},
{
"title": "CVE-2021-27437",
"trust": 0.1,
"url": "https://github.com/JamesGeee/CVE-2021-27437 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27437"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386704"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91947410"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050504"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1527"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://github.com/jamesgeee/cve-2021-27437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386704"
},
{
"db": "VULMON",
"id": "CVE-2021-27437"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-088"
},
{
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-386704"
},
{
"db": "VULMON",
"id": "CVE-2021-27437"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-088"
},
{
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-386704"
},
{
"date": "2021-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27437"
},
{
"date": "2021-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-088"
},
{
"date": "2021-05-07T15:15:07.460000",
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-386704"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27437"
},
{
"date": "2021-05-07T06:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-001385"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-088"
},
{
"date": "2021-05-19T18:59:25.690000",
"db": "NVD",
"id": "CVE-2021-27437"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech\u00a0 Made \u00a0WISE-PaaS/RMM\u00a0 Hard-coded credential usage vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001385"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
CVE-2021-27437 (GCVE-0-2021-27437)
Vulnerability from nvd – Published: 2021-05-07 14:36 – Updated: 2024-08-03 20:48

- CWE-798 - USE OF HARD-CODED CREDENTIALS
| Vendor | Product | Version |
|---|---|---|
| n/a | WISE-PaaS/RMM | Affected: versions prior to 9.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 9.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "USE OF HARD-CODED CREDENTIALS CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-07T14:36:54",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "versions prior to 9.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27437",
"datePublished": "2021-05-07T14:36:54",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18229 (GCVE-0-2019-18229)
Vulnerability from nvd – Published: 2019-10-31 21:05 – Updated: 2024-08-05 01:47

- CWE-89 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION')
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18229",
"datePublished": "2019-10-31T21:05:02",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18227 (GCVE-0-2019-18227)
Vulnerability from nvd – Published: 2019-10-31 21:01 – Updated: 2024-08-05 01:47

- CWE-611 - IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:37",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18227",
"datePublished": "2019-10-31T21:01:42",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13551 (GCVE-0-2019-13551)
Vulnerability from nvd – Published: 2019-10-31 20:54 – Updated: 2024-08-04 23:57
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:32",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13551",
"datePublished": "2019-10-31T20:54:45",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13547 (GCVE-0-2019-13547)
Vulnerability from nvd – Published: 2019-10-31 20:59 – Updated: 2024-08-04 23:57
- CWE-862 - MISSING AUTHORIZATION CWE-862
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "MISSING AUTHORIZATION CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:22",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHORIZATION CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13547",
"datePublished": "2019-10-31T20:59:00",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27437 (GCVE-0-2021-27437)
Vulnerability from cvelistv5 – Published: 2021-05-07 14:36 – Updated: 2024-08-03 20:48
- CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| n/a | WISE-PaaS/RMM | Affected: versions prior to 9.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 9.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "USE OF HARD-CODED CREDENTIALS CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-07T14:36:54",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "versions prior to 9.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27437",
"datePublished": "2021-05-07T14:36:54",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18229 (GCVE-0-2019-18229)
Vulnerability from cvelistv5 – Published: 2019-10-31 21:05 – Updated: 2024-08-05 01:47
- CWE-89 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-949/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-940/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-938/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-951/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-955/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-937/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-956/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-952/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-957/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-948/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18229",
"datePublished": "2019-10-31T21:05:02",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18227 (GCVE-0-2019-18227)
Vulnerability from cvelistv5 – Published: 2019-10-31 21:01 – Updated: 2024-08-05 01:47
- CWE-611 - IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:37",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-954/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-944/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-936/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-945/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-947/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-953/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-942/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-943/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-946/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-939/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-959/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18227",
"datePublished": "2019-10-31T21:01:42",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13547 (GCVE-0-2019-13547)
Vulnerability from cvelistv5 – Published: 2019-10-31 20:59 – Updated: 2024-08-04 23:57
- CWE-862 - MISSING AUTHORIZATION CWE-862
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "MISSING AUTHORIZATION CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:22",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHORIZATION CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-960/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13547",
"datePublished": "2019-10-31T20:59:00",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13551 (GCVE-0-2019-13551)
Vulnerability from cvelistv5 – Published: 2019-10-31 20:54 – Updated: 2024-08-04 23:57
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
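| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-304-01 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-19-935/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-19-950/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-19-941/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-19-958/ | x_refsource_MISC |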
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech WISE-PaaS/RMM | Affected: Versions 3.3.29 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WISE-PaaS/RMM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.3.29 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T19:06:32",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-935/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-950/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-941/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-958/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13551",
"datePublished": "2019-10-31T20:54:45",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}