Details of VAR-202310-0391

ID

VAR-202310-0391

CVE

CVE-2023-5642

TITLE

Advantech R-SeeNet Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-07862

DESCRIPTION

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. Advantech R-SeeNet is an industrial monitoring software from China's Advantech Company. Advantech R-SeeNet has an information disclosure vulnerability that allows an attacker to obtain login credentials and default SNMP community strings from the snmpmon.ini file and use this information to launch further attacks on the affected system

Trust: 1.53

sources: NVD: CVE-2023-5642 // CNVD: CNVD-2024-07862 // VULMON: CVE-2023-5642

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-07862

AFFECTED PRODUCTS

vendor:	advantech	model:	r-seenet	scope:	eq	version:	2.4.23	Trust: 1.0
vendor:	advantech	model:	r-seenet	scope:	eq	version:	v2.4.23	Trust: 0.6

sources: CNVD: CNVD-2024-07862 // NVD: CVE-2023-5642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-5642
value:	CRITICAL
Trust: 1.0
vulnreport@tenable.com:	CVE-2023-5642
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2024-07862
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-07862
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-5642
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2024-07862 // NVD: CVE-2023-5642 // NVD: CVE-2023-5642

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: NVD: CVE-2023-5642

PATCH

title:

Patch for Advantech R-SeeNet Information Disclosure Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/525691

Trust: 0.6

sources: CNVD: CNVD-2024-07862

EXTERNAL IDS

db:	NVD	id:	CVE-2023-5642	Trust: 1.7
db:	TENABLE	id:	TRA-2023-33	Trust: 1.1
db:	CNVD	id:	CNVD-2024-07862	Trust: 0.6
db:	VULMON	id:	CVE-2023-5642	Trust: 0.1

sources: CNVD: CNVD-2024-07862 // VULMON: CVE-2023-5642 // NVD: CVE-2023-5642

REFERENCES

url:	https://tenable.com/security/research/tra-2023-33	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-5642	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2024-07862 // VULMON: CVE-2023-5642 // NVD: CVE-2023-5642

SOURCES

db:	CNVD	id:	CNVD-2024-07862
db:	VULMON	id:	CVE-2023-5642
db:	NVD	id:	CVE-2023-5642

LAST UPDATE DATE

2024-08-14T13:41:27.810000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-07862	date:	2024-02-05T00:00:00
db:	VULMON	id:	CVE-2023-5642	date:	2023-10-18T00:00:00
db:	NVD	id:	CVE-2023-5642	date:	2023-10-25T01:24:38.107

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-07862	date:	2024-02-06T00:00:00
db:	VULMON	id:	CVE-2023-5642	date:	2023-10-18T00:00:00
db:	NVD	id:	CVE-2023-5642	date:	2023-10-18T16:15:08.943