Lucene search

[email protected]CVE-2023-1437

HistoryAug 02, 2023 - 11:15 p.m.

CVE-2023-1437

2023-08-0223:15:10

CWE-119

CWE-822

[email protected]

web.nvd.nist.gov

cve-2023-1437

advantech webaccess

scada

vulnerability

untrusted pointers

remote file system access

command execution

file overwrite

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

Affected configurations

NVD

Node

advantechwebaccess\/scadaRange<9.1.4

CPENameOperatorVersion
advantech:webaccess\/scadaadvantech webaccess/scadalt9.1.4

CPE	Name	Operator	Version
advantech:webaccess\/scada	advantech webaccess/scada	lt	9.1.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WebAccess/SCADA",
    "vendor": "Advantech",
    "versions": [
      {
        "lessThan": "9.1.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-166-02

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

Related for CVE-2023-1437

cvelist1 ics1 prion1 nvd1