CVE-2023-4203

Name of the Vulnerable Software and Affected Versions Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21

Description The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the ping tool of the web-interface. The vulnerability exists due to the lack of protection measures for the web page structure, allowing a remote attacker to conduct cross-site scripting attacks using the ping tool.

Recommendations For Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21, consider disabling the ping tool in the web-interface as a temporary workaround until a patch is available. Restrict access to the web-interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.