CVE-2019-3942

HIGH

Advantech Webaccess - Improper Access Control

Title source: rule

Description

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

References (1)

[Third Party Advisory] https://www.tenable.com/security/research/tra-2019-15

Scores

CVSS v3 7.5

EPSS 0.0094

EPSS Percentile 75.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-284 CWE-522

Status published

Affected Products (1)

advantech/webaccess

Timeline

Published Apr 01, 2020

Tracked Since Feb 18, 2026