CVE-2023-1437
CVE-2023-1437

9.8CRITICAL

Key Information:

Vendor: Advantech
Status: WebAccess/SCADA
Vendor: CVE Published:; 2 August 2023

Summary

Advantech WebAccess/SCADA versions before 9.1.4 have a vulnerability that allows untrusted pointers in Remote Procedure Call (RPC) arguments from clients. This flaw can let an attacker send raw memory pointers to the server, which may lead to unauthorized access to the remote file system, enabling them to execute commands and modify files without permission.

Affected Version(s)

WebAccess/SCADA 0 < 9.1.4

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2023
Vulnerability Reserved
Mar 16, 2023

Credit

Florent Saudel