CVE-2023-1437
CVSS V2 None
CVSS V3 None
Description
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
Overview
- CVE ID
- CVE-2023-1437
- Assigner
- icscert
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-08-02T22:30:43.978Z
- Last Modified Date
- 2023-10-11T14:34:24.399Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-02 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-1437 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1437 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 08:43:06 | Added to TrackCVE |