CVE-2023-32540

9.8CRITICAL

Key Information

Vendor
Advantech
Status
WebAccess/SCADA
Vendor
CVE Published:
6 June 2023

Summary

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.

Affected Version(s)

WebAccess/SCADA <= 0

Refferences

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

YangLiu from Elex Feigong Research Institute reported these vulnerabilities to CISA.
.