31 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the database. The issue results from the existence of an additional user in the database that is not visible in the web application. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02 • CWE-798: Use of Hard-coded Credentials •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. Authentication is required to exploit this vulnerability. The specific flaw exists within the device_status page. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. Las versiones 2.4.17 y anteriores de Advantech R-SeeNet son vulnerables a un Desbordamiento del Búfer. Un atacante no autorizado puede utilizar un nombre de archivo de gran tamaño para Desbordamiento del Búfer y permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. Las versiones 2.4.19 y anteriores de Advantech R-SeeNet son vulnerables a ataques de Path Traversal. Un atacante no autorizado podría explotar de forma remota un código PHP vulnerable para eliminar archivos .PDF. This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech R-SeeNet. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. Las versiones 2.4.17 y anteriores de Advantech R-SeeNet son vulnerables a un Desbordamiento del Búfer. Un atacante no autorizado puede desbordar el Búfer de forma remota y permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •