PT-2023-6175 · Advantech · Advantech R-Seenet

Published

2023-10-18

Updated

2023-10-25

CVE-2023-5642

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet version 2.4.23

Description The issue is related to the lack of protection for service data in the Advantech R-SeeNet software, which is used for monitoring the state and functions of routers. This can be exploited by a remote attacker to gain access to the database by reading and writing data in the snmpmon.ini file. The snmpmon.ini file contains sensitive information.

Recommendations For Advantech R-SeeNet version 2.4.23, consider restricting access to the snmpmon.ini file to prevent unauthorized reading and writing of sensitive data until a patch is available. As a temporary workaround, limit the privileges of users who can access this file.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2023-06884

CVE-2023-5642

Affected Products

Advantech R-Seenet

PT-2023-6175 · Advantech · Advantech R-Seenet

CVE-2023-5642

Weakness Enumeration

Related Identifiers

Affected Products

References · 6