ID
VAR-202310-0320
CVE
CVE-2023-4215
TITLE
Advantech Made WebAccess information disclosure vulnerability in
Trust: 0.8
DESCRIPTION
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. Advantech Provided by the company WebAccess The following vulnerabilities exist in. It was * information leak (CWE-200) - CVE-2023-4215If the vulnerability is exploited, it may be affected as follows. It was * When configuring or changing your account information on that device; Cloud Agent Debug User credentials are stolen using the service
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess | scope: | eq | version: | 9.1.3 | Trust: 1.0 |
| vendor: | アドバンテック株式会社 | model: | webaccess | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | アドバンテック株式会社 | model: | webaccess | scope: | eq | version: | version 9.1.3 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-1295 | Trust: 1.0 |
| problemtype: | information leak (CWE-200) [ others ] | Trust: 0.8 |
PATCH
| title: | WebAccess/SCADA | url: | https://www.advantech.com/en/support/details/installation?id=1-MS9MJV | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-4215 | Trust: 2.6 |
| db: | ICS CERT | id: | ICSA-23-285-15 | Trust: 1.8 |
| db: | JVN | id: | JVNVU93637774 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2023-003824 | Trust: 0.8 |
REFERENCES
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15 | Trust: 1.8 |
| url: | https://jvn.jp/vu/jvnvu93637774/index.html | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-4215 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2023-003824 |
| db: | NVD | id: | CVE-2023-4215 |
LAST UPDATE DATE
2024-10-25T23:34:56.875000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2023-003824 | date: | 2024-05-22T07:49:00 |
| db: | NVD | id: | CVE-2023-4215 | date: | 2024-10-24T17:15:14.653 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2023-003824 | date: | 2023-10-16T00:00:00 |
| db: | NVD | id: | CVE-2023-4215 | date: | 2023-10-17T00:15:11.327 |