Lucene search

K
cvelistIcscertCVELIST:CVE-2023-32540
HistoryJun 05, 2023 - 11:16 p.m.

CVE-2023-32540

2023-06-0523:16:28
CWE-94
icscert
www.cve.org
arbitrary file overwrite
code injection
arbitrary code execution

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.6%

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WebAccess/SCADA",
    "vendor": "Advantech",
    "versions": [
      {
        "lessThanOrEqual": "v9.1.3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.6%

Related for CVELIST:CVE-2023-32540