PT-2020-5136 · Advantech · Advantech Webaccess

Published 2020-04-01 · Updated 2020-04-02 · CVE-2019-3942

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess version 8.3.4

Description

The issue is related to insufficient protection of credentials in Advantech WebAccess, allowing a remote attacker to access protected information. Specifically, Advantech WebAccess 8.3.4 does not properly restrict an RPC call, enabling unauthenticated, remote users to read files. An attacker can exploit this to recover the administrator password.

Recommendations

For Advantech WebAccess version 8.3.4, consider restricting access to the RPC call that allows file reading until a patch is available. As a temporary workaround, limit the ability of unauthenticated, remote users to read files to minimize the risk of exploitation.

Fix

Improper Access Control

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

BDU:2020-05732
CVE-2019-3942

Affected Products

Advantech Webaccess