// For flags

CVE-2022-3385

Advantech R-SeeNet show_code Endpoint Stack-based Buffer Overflow Remote Code Execution Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.

Las versiones 2.4.17 y anteriores de Advantech R-SeeNet son vulnerables a un Desbordamiento del Búfer. Un atacante no autorizado puede desbordar el Búfer de forma remota y permitir la ejecución remota de código.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of POST requests sent to the show_code.php endpoint. When processing the filename element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.

*Credits: rgod, Trend Micro Zero Day Initiative
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-30 CVE Reserved
  • 2022-10-21 CVE Published
  • 2024-06-03 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-121: Stack-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL Tag Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 Government Resource
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Advantech
Search vendor "Advantech"
 R-seenet
Search vendor "Advantech" for product "R-seenet"
 <= 2.4.17
Search vendor "Advantech" for product "R-seenet" and version " <= 2.4.17"
-
Affected