CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on June 22, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-173-02 Advantech R-SeeNet ICSA-23-173-03 SpiderControl SCADAWebServer ICSA-23-026-02...

Advantech R-SeeNet 安全漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms. A security vulnerability exists in Advantech R-SeeNet version 2.4.22, which allows a low-level user ...

PT-2023-3612 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.22 Description: The issue is related to incorrect external control of a file name or path, allowing a remote attacker to gain unauthorized access to local files by sending specially crafted HTTP requests. This c...

Advantech R-SeeNet 信任管理问题漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech, China. A security vulnerability exists in Advantech R-SeeNet, which can be exploited by an authenticated, remote attacker to submit a special request for unauthorized access to the system...

PT-2023-3302 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.22 Description: The issue is related to the use of hard-coded credentials in Advantech R-SeeNet. This allows a remote attacker to exploit the vulnerability and gain elevated privileges. The software comes with a...

Advantech R-SeeNet

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Advantech ​Equipment: R-SeeNet ​Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker...

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the fact that it allows unauthorized code to be executed or service failures to be caused by allowing operations to occur outside the buffer boundaries.

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the execution of operations outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...

Advantech R-SeeNet SQL Injection (CVE-2021-21924)

An SQL injection vulnerability exists in Advantech R-SeeNet. The vulnerability is due to improper input. A successful attack may result in arbitrary SQL command execution against the database on the target server...

CVE-2022-3385

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution...

CVE-2022-3386

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution...

CVE-2022-3385

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution...

CVE-2022-3387

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files...

Stack overflow

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution...

Stack overflow

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution...

Path traversal

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files...

CVE-2022-3387

Advantech R-SeeNet (software management platform) Versions 2.4.19 and earlier are affected by CVE-2022-3387 due to an improper restriction of a pathname (path traversal). An unauthorized, remote attacker could exploit vulnerable PHP code to delete arbitrary .PDF files. The issue is documented wit...

CVE-2022-3387

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files...

CVE-2022-3386

CVE-2022-3386 affects Advantech R-SeeNet; versions 2.4.17 and earlier are vulnerable to a stack-based buffer overflow triggered by an outsized filename, enabling remote code execution. Exploitation is possible remotely (no authentication required per ZDI advisory) with high impact (CVE-2022-3386,...

CVE-2022-3386

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution...

CVE-2022-3385

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution...