Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-13558

In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.

Published

2019-09-18T22:15:11.293

Last Modified

2024-11-21T04:25:09.050

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

8.5

Weaknesses

Type: Secondary
CWE-94
Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	advantech	webaccess	≤ 8.4.1	Yes

References

https://www.us-cert.gov/ics/advisories/icsa-19-260-01 Third Party Advisory, US Government Resource ([email protected])
https://www.us-cert.gov/ics/advisories/icsa-19-260-01 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)