CVE-2023-4202

Name of the Vulnerable Software and Affected Versions Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21

Description The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the device name field of the web-interface. The vulnerability exists due to inadequate protection of the web page structure, which may allow a remote attacker to conduct cross-site scripting attacks.

Recommendations For Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21, consider disabling the web-interface or restricting access to the device name field until a patch is available. Avoid using the device name field in the web-interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.