Main Vulnerability Database Vulnerabilities #VU22451

#VU22451 SQL injection in WISE-PaaS/RMM - CVE-2019-18229

Published: November 1, 2019

Vulnerability identifier: #VU22451

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-18229

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WISE-PaaS/RMM

Software vendor:
Advantech Co., Ltd

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can send a specially crafted request to the affected application, execute arbitrary SQL commands within the application database and access sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Remediation

Vendor recommends to update to new EdgeSense and DeviceOn software bundles.

External links

https://www.us-cert.gov/ics/advisories/icsa-19-304-01

#VU22451 SQL injection in WISE-PaaS/RMM - CVE-2019-18229

Description

Remediation

External links

Please verify you're human