CVE-2023-22450

7.2HIGH

Key Information

Vendor
Advantech
Status
WebAccess/SCADA
Vendor
CVE Published:
6 June 2023

Summary

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.

Affected Version(s)

WebAccess/SCADA <= 0

Refferences

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

YangLiu from Elex Feigong Research Institute reported these vulnerabilities to CISA.
.