ID
VAR-202306-0130
CVE
CVE-2023-32628
TITLE
Advantech WebAccess/SCADA arbitrary file upload vulnerability (CNVD-2024-15541)
Trust: 0.6
DESCRIPTION
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from China Advantech Company. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment
Trust: 1.53
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess\/scada | scope: | lte | version: | 9.1.3 | Trust: 1.0 |
| vendor: | advantech | model: | webaccess/scada | scope: | lte | version: | <=9.1.3 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-434 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
code problem
Trust: 0.6
PATCH
| title: | Patch for Advantech WebAccess/SCADA arbitrary file upload vulnerability (CNVD-2024-15541) | url: | https://www.cnvd.org.cn/patchInfo/show/537536 | Trust: 0.6 |
| title: | Advantech WebAccess/SCADA Fixes for code issue vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=241309 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-32628 | Trust: 2.3 |
| db: | ICS CERT | id: | ICSA-23-152-01 | Trust: 1.7 |
| db: | AUSCERT | id: | ESB-2023.3138 | Trust: 1.2 |
| db: | CNVD | id: | CNVD-2024-15541 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202306-087 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-32628 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 | Trust: 1.7 |
| url: | https://www.auscert.org.au/bulletins/esb-2023.3138 | Trust: 1.2 |
| url: | https://cxsecurity.com/cveshow/cve-2023-32628/ | Trust: 0.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-32628 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/434.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2024-15541 |
| db: | VULMON | id: | CVE-2023-32628 |
| db: | CNNVD | id: | CNNVD-202306-087 |
| db: | NVD | id: | CVE-2023-32628 |
LAST UPDATE DATE
2024-08-14T14:43:12.454000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-15541 | date: | 2024-03-29T00:00:00 |
| db: | VULMON | id: | CVE-2023-32628 | date: | 2023-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-087 | date: | 2023-06-13T00:00:00 |
| db: | NVD | id: | CVE-2023-32628 | date: | 2023-06-12T16:53:19.953 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-15541 | date: | 2024-03-29T00:00:00 |
| db: | VULMON | id: | CVE-2023-32628 | date: | 2023-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-087 | date: | 2023-06-02T00:00:00 |
| db: | NVD | id: | CVE-2023-32628 | date: | 2023-06-06T00:15:10.177 |