CVE-2023-1437

CVE-2023-1437

9.8CRITICAL

Key Information

Vendor
Advantech
Status
WebAccess/SCADA
Vendor
CVE Published:
2 August 2023

Summary

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

Affected Version(s)

WebAccess/SCADA < 9.1.4

Refferences

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Florent Saudel
.