CVE-2023-32540

9.8CRITICAL

Key Information

Vendor: Advantech
Status: WebAccess/SCADA
Vendor: CVE Published:; 6 June 2023

Summary

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.

Affected Version(s)

WebAccess/SCADA <= 0

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 6, 2023
Vulnerability Reserved.
May 22, 2023

Collectors

NVD DatabaseMitre Database

Credit

YangLiu from Elex Feigong Research Institute reported these vulnerabilities to CISA.