CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13551 – Advantech WISE-PaaS/RMM UpgradeMgmt Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13551
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. Advantech WISE-PaaS/RMM, versiones 3.3.29 y anteriores. Las vulnerabilidades de salto de ruta son causadas por la falta de comprobación apropiada de una ruta suministrada por el usuario antes de su uso en las operaciones de archivo. • https://www.us-cert.gov/ics/advisories/icsa-19-304-01 https://www.zerodayinitiative.com/advisories/ZDI-19-935 https://www.zerodayinitiative.com/advisories/ZDI-19-941 https://www.zerodayinitiative.com/advisories/ZDI-19-950 https://www.zerodayinitiative.com/advisories/ZDI-19-958 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16899
https://notcve.org/view.php?id=CVE-2019-16899
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. En Advantech WebAccess/HMI Designer versión 2.1.9.31, los Datos desde una Dirección en Fallo controlan el Flujo de Código que inicia en PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. • http://code610.blogspot.com/2019/09/crashing-webaccesshmi-designer-21931.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16900
https://notcve.org/view.php?id=CVE-2019-16900
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. Advantech WebAccess/HMI Designer versión 2.1.9.31, presenta un User Mode Write AV que inicia en MSVCR90!Memcpy+0x000000000000015c. • http://code610.blogspot.com/2019/09/crashing-webaccesshmi-designer-21931.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16901
https://notcve.org/view.php?id=CVE-2019-16901
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. Advantech WebAccess/HMI Designer versión 2.1.9.31 presenta corrupción en Exception Handler Chain que inicia en Unknown Symbol @ 0x0000000000000000 llamado desde ntdll! RtlRaiseStatus+0x00000000000000b4. • http://code610.blogspot.com/2019/09/crashing-webaccesshmi-designer-21931.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-13558
https://notcve.org/view.php?id=CVE-2019-13558
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. En WebAccess versiones 8.4.1 y anteriores, una explotación ejecutada por medio de la red puede causar un control inapropiado de la generación de código, lo que puede permitir la ejecución de código remota, la filtración de datos o un causar un bloqueo del sistema. • https://www.us-cert.gov/ics/advisories/icsa-19-260-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •