ID
VAR-202308-1647
CVE
CVE-2023-1437
TITLE
Advantech Made WebAccess/SCADA Untrusted Pointer Reference Vulnerability in
Trust: 0.8
DESCRIPTION
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. Advantech Provided by WebAccess/SCADA is a browser-based SCADA It's a software package. WebAccess/SCADA The following vulnerabilities exist in. It was * unreliable pointer reference (CWE-822) - CVE-2023-1437If the vulnerability is exploited, it may be affected as follows
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess\/scada | scope: | lt | version: | 9.1.4 | Trust: 1.0 |
| vendor: | アドバンテック株式会社 | model: | webaccess/scada | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | アドバンテック株式会社 | model: | webaccess/scada | scope: | lt | version: | v9.1.4 earlier | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-822 | Trust: 1.0 |
| problemtype: | CWE-119 | Trust: 1.0 |
| problemtype: | unreliable pointer dereference (CWE-822) [ others ] | Trust: 0.8 |
PATCH
| title: | WebAccess/SCADA | url: | https://www.advantech.com/en/support/details/installation?id=1-MS9MJV | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-1437 | Trust: 2.7 |
| db: | ICS CERT | id: | ICSA-23-166-02 | Trust: 1.9 |
| db: | JVN | id: | JVNVU91768920 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2023-002113 | Trust: 0.8 |
| db: | VULMON | id: | CVE-2023-1437 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-02 | Trust: 1.9 |
| url: | http://jvn.jp/vu/jvnvu91768920/index.html | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-1437 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/822.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULMON | id: | CVE-2023-1437 |
| db: | JVNDB | id: | JVNDB-2023-002113 |
| db: | NVD | id: | CVE-2023-1437 |
LAST UPDATE DATE
2024-08-14T15:31:57.736000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-1437 | date: | 2023-08-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-002113 | date: | 2024-04-08T08:36:00 |
| db: | NVD | id: | CVE-2023-1437 | date: | 2024-02-01T00:57:56.540 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-1437 | date: | 2023-08-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-002113 | date: | 2023-06-19T00:00:00 |
| db: | NVD | id: | CVE-2023-1437 | date: | 2023-08-02T23:15:10.153 |