CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-6550 – Advantech WebAccess Node makensis Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6550
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 https://www.zerodayinitiative.com/advisories/ZDI-19-585 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6552 – Advantech WebAccess Node bwrunmie Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6552
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de inyección de comandos, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-6554 – Advantech WebAccess Node UninstallWA Improper Access Control Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-6554
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Una vulnerabilidad de control de acceso incorrecto podría permitir que un atacante provoque una condición de denegación de servicio (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6519
https://notcve.org/view.php?id=CVE-2019-6519
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. Existe una vulnerabilidad de autorización incorrecta en la versión 8.3 de WebAccess/SCADA que podría permitir una omisión de autenticación, permitiendo a un atacante subir datos maliciosos. • http://www.securityfocus.com/bid/106722 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01 • CWE-287: Improper Authentication •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6521
https://notcve.org/view.php?id=CVE-2019-6521
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. En la versión 8.3 de WebAccess/SCADA, peticiones especialmente manipuladas podrían permitir una omisión de autenticación que podría permitir que un atacante obtenga y manipule información sensible. • http://www.securityfocus.com/bid/106722 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01 • CWE-287: Improper Authentication •