Vulnerability-Lookup

CVE-2019-3942 (GCVE-0-2019-3942)

Vulnerability from cvelistv5 – Published: 2020-04-01 16:04 – Updated: 2024-08-04 19:26

Summary

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control

Assigner

tenable

References

1 reference

URL	Tags
https://www.tenable.com/security/research/tra-2019-15	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Advantech WebAccess	Affected: 8.3.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2019-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech WebAccess",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "8.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-01T16:04:29.000Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2019-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2019-3942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech WebAccess",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.3.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2019-15",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2019-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2019-3942",
    "datePublished": "2020-04-01T16:04:29.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:26:27.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-3942",
      "date": "2026-05-23",
      "epss": "0.00935",
      "percentile": "0.76418"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3942\",\"sourceIdentifier\":\"vulnreport@tenable.com\",\"published\":\"2020-04-01T17:15:14.830\",\"lastModified\":\"2024-11-21T04:42:54.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.\"},{\"lang\":\"es\",\"value\":\"Advantech WebAccess versi\u00f3n 8.3.4, no restringe apropiadamente una llamada RPC lo que permite a usuarios remotos no autenticados leer archivos. Un atacante puede usar esta vulnerabilidad para recuperar la contrase\u00f1a de administrador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"vulnreport@tenable.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:advantech:webaccess:8.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E182AC38-8CB4-466C-ACAB-BFD7ECCEADF9\"}]}]}],\"references\":[{\"url\":\"https://www.tenable.com/security/research/tra-2019-15\",\"source\":\"vulnreport@tenable.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2019-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

BDU:2020-05732

Vulnerability from fstec - Published: 01.04.2020

Title

Уязвимость программного обеспечения удаленного мониторинга Advantech WebAccess, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить доступ к защищаемой информации

Description

Уязвимость программного обеспечения удаленного мониторинга Advantech WebAccess связана с недостаточной защитой регистрационных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

Advantech Co., Ltd

Software Name

Advantech WebAccess

Software Version

до 8.3.4 (Advantech WebAccess)

Possible Mitigations

Обновление программного средства до версии 8.3.4 или более новой

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3942 https://www.tenable.com/security/research/tra-2019-15

CWE

CWE-522

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 8.3.4 (Advantech WebAccess)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 8.3.4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.12.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.12.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-05732",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-3942",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech WebAccess",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Advantech WebAccess, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-522)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Advantech WebAccess \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-3942\nhttps://www.tenable.com/security/research/tra-2019-15",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-522",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CNVD-2020-22292

Vulnerability from cnvd - Published: 2020-04-11

Title

Advantech WebAccess访问控制错误漏洞（CNVD-2020-22292）

Description

Advantech WebAccess是中国台湾研华（Advantech）公司的一套基于浏览器架构的HMI/SCADA软件。该软件支持动态图形显示和实时数据控制，并提供远程控制和管理自动化设备的功能。 Advantech WebAccess 8.3.4版本中存在访问控制错误漏洞，该漏洞源于程序未能正确限制RPC调用。远程攻击者可借助特制请求利用该漏洞获取管理员密码。

Severity

中

Patch Name

Advantech WebAccess访问控制错误漏洞（CNVD-2020-22292）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.advantech.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3942

Impacted products

Name
Advantech WebAccess <8.3.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3942"
    }
  },
  "description": "Advantech WebAccess\u662f\u4e2d\u56fd\u53f0\u6e7e\u7814\u534e\uff08Advantech\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8e\u6d4f\u89c8\u5668\u67b6\u6784\u7684HMI/SCADA\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u52a8\u6001\u56fe\u5f62\u663e\u793a\u548c\u5b9e\u65f6\u6570\u636e\u63a7\u5236\uff0c\u5e76\u63d0\u4f9b\u8fdc\u7a0b\u63a7\u5236\u548c\u7ba1\u7406\u81ea\u52a8\u5316\u8bbe\u5907\u7684\u529f\u80fd\u3002\n\nAdvantech WebAccess 8.3.4\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236RPC\u8c03\u7528\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5458\u5bc6\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.advantech.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22292",
  "openTime": "2020-04-11",
  "patchDescription": "Advantech WebAccess\u662f\u4e2d\u56fd\u53f0\u6e7e\u7814\u534e\uff08Advantech\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8e\u6d4f\u89c8\u5668\u67b6\u6784\u7684HMI/SCADA\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u52a8\u6001\u56fe\u5f62\u663e\u793a\u548c\u5b9e\u65f6\u6570\u636e\u63a7\u5236\uff0c\u5e76\u63d0\u4f9b\u8fdc\u7a0b\u63a7\u5236\u548c\u7ba1\u7406\u81ea\u52a8\u5316\u8bbe\u5907\u7684\u529f\u80fd\u3002\r\n\r\nAdvantech WebAccess 8.3.4\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236RPC\u8c03\u7528\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5458\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Advantech WebAccess\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-22292\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Advantech WebAccess \u003c8.3.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3942",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-02",
  "title": "Advantech WebAccess\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-22292\uff09"
}

FKIE_CVE-2019-3942

Vulnerability from fkie_nvd - Published: 2020-04-01 17:15 - Updated: 2024-11-21 04:42

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

References

	URL	Tags
	vulnreport@tenable.com	https://www.tenable.com/security/research/tra-2019-15	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2019-15	Third Party Advisory

Impacted products

	Vendor	Product	Version
	advantech	webaccess	8.3.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:advantech:webaccess:8.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E182AC38-8CB4-466C-ACAB-BFD7ECCEADF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password."
    },
    {
      "lang": "es",
      "value": "Advantech WebAccess versi\u00f3n 8.3.4, no restringe apropiadamente una llamada RPC lo que permite a usuarios remotos no autenticados leer archivos. Un atacante puede usar esta vulnerabilidad para recuperar la contrase\u00f1a de administrador."
    }
  ],
  "id": "CVE-2019-3942",
  "lastModified": "2024-11-21T04:42:54.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-01T17:15:14.830",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2019-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2019-15"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "vulnreport@tenable.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6Q62-CCGM-CHGC

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13

Details

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3942"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-01T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.",
  "id": "GHSA-6q62-ccgm-chgc",
  "modified": "2022-05-24T17:13:01Z",
  "published": "2022-05-24T17:13:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3942"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2019-15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-3942

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

Aliases

CVE-2019-3942

Aliases

CVE-2019-3942

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3942",
    "description": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.",
    "id": "GSD-2019-3942"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3942"
      ],
      "details": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.",
      "id": "GSD-2019-3942",
      "modified": "2023-12-13T01:24:04.169618Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnreport@tenable.com",
        "ID": "CVE-2019-3942",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Advantech WebAccess",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "8.3.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284 Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.tenable.com/security/research/tra-2019-15",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/research/tra-2019-15"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:webaccess:8.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2019-3942"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2019-15",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/research/tra-2019-15"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-04-02T15:30Z",
      "publishedDate": "2020-04-01T17:15Z"
    }
  }
}

VAR-202004-0688

Vulnerability from variot - Updated: 2024-11-23 22:12

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. Advantech WebAccess Exists in an inadequate protection of credentials.Information may be obtained. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment.

The Advantech WebAccess 8.3.4 version has an access control error vulnerability that originated from the program's failure to properly restrict RPC calls

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0688",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webaccess",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "advantech",
        "version": "8.3.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "webaccess",
        "version": "8.3.4"
      },
      {
        "model": "webaccess",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "8.3.4"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:advantech:advantech_webaccess",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      }
    ]
  },
  "cve": "CVE-2019-3942",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-3942",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015244",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-22292",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "39b72fc8-f6a4-4080-90fd-093c362fe043",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "efd64e2f-8a74-497e-9b91-faf9825974a3",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-155377",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-3942",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015244",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-3942",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015244",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-22292",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-020",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "39b72fc8-f6a4-4080-90fd-093c362fe043",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "efd64e2f-8a74-497e-9b91-faf9825974a3",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155377",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. Advantech WebAccess Exists in an inadequate protection of credentials.Information may be obtained. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment. \n\r\n\r\nThe Advantech WebAccess 8.3.4 version has an access control error vulnerability that originated from the program\u0027s failure to properly restrict RPC calls",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3942"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155377"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3942",
        "trust": 3.7
      },
      {
        "db": "TENABLE",
        "id": "TRA-2019-15",
        "trust": 2.5
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "66FEF8D1-F250-4901-9E4C-AC55484F56D3",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "39B72FC8-F6A4-4080-90FD-093C362FE043",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "EFD64E2F-8A74-497E-9B91-FAF9825974A3",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-155377",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "id": "VAR-202004-0688",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155377"
      }
    ],
    "trust": 1.73470696
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:06.855000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech WebAccess",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp/industrial-automation/webaccess"
      },
      {
        "title": "Patch for Advantech WebAccess access control error vulnerability (CNVD-2020-22292)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/213425"
      },
      {
        "title": "Advantech WebAccess Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113162"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-284",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.tenable.com/security/research/tra-2019-15"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3942"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3942"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-01T00:00:00",
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "date": "2020-04-01T00:00:00",
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "date": "2020-04-01T00:00:00",
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "date": "2020-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "date": "2020-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155377"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "date": "2020-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      },
      {
        "date": "2020-04-01T17:15:14.830000",
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22292"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155377"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      },
      {
        "date": "2020-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      },
      {
        "date": "2024-11-21T04:42:54.787000",
        "db": "NVD",
        "id": "CVE-2019-3942"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech WebAccess Vulnerability regarding inadequate protection of credentials in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015244"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3"
      },
      {
        "db": "IVD",
        "id": "39b72fc8-f6a4-4080-90fd-093c362fe043"
      },
      {
        "db": "IVD",
        "id": "efd64e2f-8a74-497e-9b91-faf9825974a3"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-020"
      }
    ],
    "trust": 1.2
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3942 (GCVE-0-2019-3942)

BDU:2020-05732

CNVD-2020-22292

FKIE_CVE-2019-3942

GHSA-6Q62-CCGM-CHGC

GSD-2019-3942

VAR-202004-0688

Tags

Sightings

Nomenclature