Scada

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

advantech

NVD

Published: 2023-06-06

Updated: 2024-11-21

Summary

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
Application	Advantech Advantech Webaccess/Scada - Advantech Webaccess/Scada 7.2 Advantech Webaccess/Scada 8.0 Advantech Webaccess/Scada 8.1 Advantech Webaccess/Scada 8.2 Advantech Webaccess/Scada 8.2_20170817 Advantech Webaccess/Scada 8.3 Advantech Webaccess/Scada 8.3.2 Advantech Webaccess/Scada 8.4.5 Advantech Webaccess/Scada 9.0 Advantech Webaccess/Scada 9.0.1	11

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01
https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01