CVE-2023-32540

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:advantech:webaccess\/scada:*:*:*:*:*:*:*:*

History

12 Jun 2023, 16:55

Type Values Removed Values Added
CPE cpe:2.3:a:advantech:webaccess\/scada:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 - Mitigation, Third Party Advisory, US Government Resource

06 Jun 2023, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-06 00:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-32540

Mitre link : CVE-2023-32540

CVE.ORG link : CVE-2023-32540


JSON object : View

Products Affected

advantech

  • webaccess\/scada
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')