CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

Published: Aug 3, 2023
Updated: Oct 12, 2023
CVE: CVE-2023-1437
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119
CWE-822

Affected Software
References

Software	From	Fixed in
advantech / webaccess/scada	-	9.1.4

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-02

Vulnerability Database

289,697

CVE-2023-1437