CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32628
https://notcve.org/view.php?id=CVE-2023-32628
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 2CVE-2023-2573 – Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html http://seclists.org/fulldisclosure/2023/May/4 https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 2CVE-2023-2574 – Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html http://seclists.org/fulldisclosure/2023/May/4 https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2023-2575 – Authenticated Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-2575
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html http://seclists.org/fulldisclosure/2023/May/4 https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3386 – Advantech R-SeeNet out Endpoint Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3386
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. Las versiones 2.4.17 y anteriores de Advantech R-SeeNet son vulnerables a un Desbordamiento del Búfer. Un atacante no autorizado puede utilizar un nombre de archivo de gran tamaño para Desbordamiento del Búfer y permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •