CVE-2023-32540

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system including system files, inject code into an XLS file, and modify the file extension, which could lead to arbitrary code...

CVE-2023-22450

CVE-2023-22450 affects Advantech WebAccess/SCADA (v9.1.3 and earlier). The issue is an unrestricted upload of a file with a dangerous type, allowing an ASP script to be uploaded when logged in as a manager, which can lead to arbitrary code execution on the web server. The root cause is lack of pr...

CVE-2023-22450

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution...

CVE-2023-32540

Affected product: Advantech WebAccess/SCADA (versions 9.1.3 and prior). The vulnerability is an arbitrary file overwrite in the software that could allow overwriting any OS file, injecting code into an XLS file, and changing file extensions, potentially enabling arbitrary code execution. Impact i...

CVE-2023-32628

CVE-2023-32628 affects Advantech WebAccess/SCADA versions 9.1.3 and earlier. An arbitrary file upload vulnerability could let an attacker modify a certificate file’s extension to ASP when uploading, enabling remote code execution. Mitigation per CISA ICS advisory is to upgrade to WebAccess/SCADA ...