Stack-Based Buffer Overflow in Advantech R-SeeNet Software
CVE-2022-3385

9.8CRITICAL

Key Information:

Vendor: Advantech
Status: R-seenet
Vendor: CVE Published:; 27 October 2022

What is CVE-2022-3385?

The Advantech R-SeeNet software, specifically versions 2.4.17 and earlier, is susceptible to a stack-based buffer overflow. This vulnerability allows unauthorized attackers to remotely manipulate the stack buffer, potentially leading to remote code execution. Organizations using affected versions are recommended to update their software to mitigate risks associated with this security flaw.

Affected Version(s)

R-SeeNet 0 <= 2.4.17

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01

government-resource

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2022
Vulnerability Reserved
Sep 30, 2022

Credit

rgod

Trend Micro Zero Day Initiative