ID
VAR-202306-0131
CVE
CVE-2023-22450
TITLE
Advantech WebAccess/SCADA Arbitrary File Upload Vulnerability
Trust: 0.6
DESCRIPTION
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from China Advantech Company. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. This vulnerability is caused by the application's lack of effective verification of uploaded files
Trust: 1.53
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess\/scada | scope: | lte | version: | 9.1.3 | Trust: 1.0 |
| vendor: | advantech | model: | webaccess/scada | scope: | lte | version: | <=9.1.3 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-434 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
code problem
Trust: 0.6
PATCH
| title: | Patch for Advantech WebAccess/SCADA Arbitrary File Upload Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/537526 | Trust: 0.6 |
| title: | Advantech WebAccess/SCADA Fixes for code issue vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=240434 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-22450 | Trust: 2.3 |
| db: | ICS CERT | id: | ICSA-23-152-01 | Trust: 1.7 |
| db: | AUSCERT | id: | ESB-2023.3138 | Trust: 1.2 |
| db: | CNVD | id: | CNVD-2024-15543 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202306-084 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-22450 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 | Trust: 1.7 |
| url: | https://www.auscert.org.au/bulletins/esb-2023.3138 | Trust: 1.2 |
| url: | https://cxsecurity.com/cveshow/cve-2023-22450/ | Trust: 0.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-22450 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/434.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2024-15543 |
| db: | VULMON | id: | CVE-2023-22450 |
| db: | CNNVD | id: | CNNVD-202306-084 |
| db: | NVD | id: | CVE-2023-22450 |
LAST UPDATE DATE
2024-08-14T14:43:12.428000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-15543 | date: | 2024-03-29T00:00:00 |
| db: | VULMON | id: | CVE-2023-22450 | date: | 2023-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-084 | date: | 2023-06-13T00:00:00 |
| db: | NVD | id: | CVE-2023-22450 | date: | 2023-06-12T16:56:27.357 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-15543 | date: | 2024-03-29T00:00:00 |
| db: | VULMON | id: | CVE-2023-22450 | date: | 2023-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-084 | date: | 2023-06-02T00:00:00 |
| db: | NVD | id: | CVE-2023-22450 | date: | 2023-06-06T00:15:09.310 |