CVE-2023-32540
Last modified
CVE-2023-32540 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. . EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Advantech | Webaccess\/Scada | <= 9.1.3 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01Mitigation, Third Party Advisory, US Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-32540?
How severe is CVE-2023-32540?
How do I fix CVE-2023-32540?
Are you affected by CVE-2023-32540?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST