CVE-2019-18235
Published: 17 March 2021
Summary
CVE-2019-18235 is a critical-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Advantech Spectre Rt Ert351 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 39.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-8035
Vulnerability details
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
This control directly enforces limits on consecutive invalid logon attempts and automatic response (e.g., lockout) to prevent brute-force exploitation of authentication mechanisms.
Specific conditions can include excessive failed attempts, triggering stronger authentication that restricts brute-force exploitation.