Scada

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

advantech

CWE-822

critical

NVD

Published: 2023-08-02

Updated: 2024-02-01

Summary

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

Vulnerable Configurations

Part	Description	Count
Application	Advantech Advantech Webaccess/Scada - Advantech Webaccess/Scada 7.2 Advantech Webaccess/Scada 8.0 Advantech Webaccess/Scada 8.1 Advantech Webaccess/Scada 8.2 Advantech Webaccess/Scada 8.2_20170817 Advantech Webaccess/Scada 8.3 Advantech Webaccess/Scada 8.3.2 Advantech Webaccess/Scada 8.4.5 Advantech Webaccess/Scada 9.0 Advantech Webaccess/Scada 9.0.1	11

Common Weakness Enumeration (CWE)

CWE-822 - Untrusted Pointer Dereference

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-02