cbcvebase.
CVE-2023-1437
published 2023-08-02

CVE-2023-1437: All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw…

PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.80%
84.7th percentile
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

Affected

1 ranges
VendorProductVersion rangeFixed in
advantechwebaccess_scada< 9.1.49.1.4

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability involves RPC arguments containing raw memory pointers sent from client to server; monitor for anomalous RPC calls to Advantech WebAccess/SCADA services where arguments contain raw pointer values (untrusted pointer dereference pattern).
  • Successful exploitation enables remote file system access and remote command execution on the WebAccess/SCADA server; monitor for unexpected file reads/writes and process execution originating from the WebAccess/SCADA service process.
  • The vulnerability is exploitable remotely with no authentication and low attack complexity (CVSS AV:N/AC:L/PR:N/UI:N); prioritize detection of unauthenticated RPC traffic targeting WebAccess/SCADA endpoints exposed to the network.
  • ·No known public exploits specifically target this vulnerability at time of advisory publication; detection efforts should focus on behavioral anomalies rather than known exploit signatures.
  • ·All versions of Advantech WebAccess/SCADA prior to 9.1.4 are affected; version identification is necessary to scope detection and patching efforts.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.