CVE-2023-2924

Name of the Vulnerable Software and Affected Versions Supcon SimField versions up to 1.80.00.00

Description A critical issue has been found in Supcon SimField, affecting some unknown functionality of the file "/admin/reportupload.aspx". The manipulation of the argument files[] leads to unrestricted upload. The attack can be launched remotely. The issue has been publicly disclosed and may be exploited.

Recommendations For versions up to 1.80.00.00, as a temporary workaround, consider restricting access to the "/admin/reportupload.aspx" file to minimize the risk of exploitation. Avoid using the files[] argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.