ZDI-19-960: Advantech WISE-PaaS/RMM NodeRed Server Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NodeRed Server, which listens on TCP port 1880 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WISE-PaaS/RMM |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-19-960?
ZDI-19-960 has been assigned a high severity level due to its potential for remote code execution without authentication.
How do I fix ZDI-19-960?
To fix ZDI-19-960, ensure you update Advantech WISE-PaaS/RMM to the latest version provided by the vendor.
Who is affected by ZDI-19-960?
ZDI-19-960 affects installations of Advantech WISE-PaaS/RMM that are running the vulnerable version of the NodeRed Server.
Can ZDI-19-960 be exploited without authentication?
Yes, ZDI-19-960 can be exploited by remote attackers without the need for authentication.
What system component is involved in ZDI-19-960?
The specific component involved in ZDI-19-960 is the NodeRed Server, which listens on TCP port 1880 by default.
- agent/references
- agent/type
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-960
- alias/ZDI-CAN-8891
- alias/CVE-2019-13547
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/advantech
- canonical/advantech wise-paas/rmm