PT-2023-2962 · Advantech · Advantech Webaccess/Scada
Yangliu
·
Published
2023-06-01
·
Updated
2023-06-12
·
CVE-2023-32540
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess/SCADA versions 9.1.3 and prior
Description
The issue is related to incorrect code generation management in the Advantech WebAccess software, which could allow an attacker to overwrite any file in the operating system, including system files, inject code into an XLS file, and modify the file extension. This could lead to arbitrary code execution. An attacker could exploit this issue remotely.
Recommendations
For versions 9.1.3 and prior, update to a version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Advantech Webaccess/Scada