CVE-2023-32628

Name of the Vulnerable Software and Affected Versions Advantech WebAccss/SCADA versions 9.1.3 and prior

Description The issue is related to an arbitrary file upload vulnerability. This could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, leading to remote code execution. The vulnerability is associated with unlimited upload of dangerous file types, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Advantech WebAccss/SCADA versions 9.1.3 and prior, consider disabling the file upload feature until a patch is available to prevent exploitation. Restrict access to the certificate file upload module to minimize the risk of remote code execution. Avoid using the file upload feature for certificate files with ASP extensions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.