nvd-json-data-feeds/CVE-2019/CVE-2019-109xx/CVE-2019-10961.json

{
  "id": "CVE-2019-10961",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2019-08-02T17:15:14.327",
  "lastModified": "2023-03-03T15:51:17.100",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution."
    },
    {
      "lang": "es",
      "value": "En WebAccess HMI Designer de Advantech versi\u00f3n 2.1.9.23 y anteriores, el procesamiento de archivos MCR especialmente dise\u00f1ados que carecen de una comprobaci\u00f3n apropiada de datos suministrados por el usuario, puede causar que el sistema escriba fuera del \u00e1rea de b\u00fafer prevista, permitiendo la ejecuci\u00f3n de c\u00f3digo remota."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:advantech:webaccess_hmi_designer:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.1.7.32",
              "matchCriteriaId": "094A31CD-7B8D-4E77-A6F5-64EE2148F424"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-01",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ]
    },
    {
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-691/",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}