CVE-2023-3256
published 2023-06-22CVE-2023-3256: Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
PriorityP347high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
EPSS
0.65%
46.4th percentile
Advantech R-SeeNet
versions 2.4.22
allows low-level users to access and load the content of local files.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | r-seenet | <= 2.4.22 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-79pm-5425-72gv: Advantech R-SeeNet
versions 2
ghsa_unreviewed·2023-06-22
CVE-2023-3256 [HIGH] CWE-610 GHSA-79pm-5425-72gv: Advantech R-SeeNet
versions 2
Advantech R-SeeNet
versions 2.4.22
allows low-level users to access and load the content of local files.
CISA ICS
Advantech R-SeeNet
cisa_ics·2023-06-22·CVSS 9.8
[CRITICAL] Advantech R-SeeNet
ICS Advisory
##
Advantech R-SeeNet
Release DateJune 22, 2023
Alert CodeICSA-23-173-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: R-SeeNet
- Vulnerability: Hard Coded Password, External Control of File Name or Path
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Advantech reports these vulnerabilities affects the following R-SeeNet monitoring application:
- R-SeeNet: versions 2.4.22 and prior
## 3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798
Advantech R-SeeNet is installed with
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-22
Published