Lucene search

[email protected]NVD:CVE-2023-4203

HistoryAug 08, 2023 - 11:15 a.m.

CVE-2023-4203

2023-08-0811:15:12

CWE-79

[email protected]

web.nvd.nist.gov

advantech

eki-1524

eki-1522

eki-1521

stored cross-site scripting

ping tool

web interface

vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.

Affected configurations

NVD

Node

advantecheki-1524_firmwareRange≤1.24

AND

advantecheki-1524Match-

Node

advantecheki-1522_firmwareRange≤1.24

AND

advantecheki-1522Match-

Node

advantecheki-1521_firmwareRange≤1.24

AND

advantecheki-1521Match-

References

packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2023/Aug/13

cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for NVD:CVE-2023-4203

prion1 cve1 cvelist1 ics1 packetstorm1