cbcvebase.
CVE-2023-32628
published 2023-06-06

Priority: P260 · Severity: critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.71% (49.0th percentile)
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.

Affected

1 range
Vendor: advantech
Product: webaccess_scada
Version range: <= 9.1.3
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

filename.ASP (certificate file with modified extension)
  • Monitor for certificate file uploads where the file extension has been changed to .ASP on Advantech WebAccess/SCADA web servers — this is the specific attack vector for CVE-2023-32628.
  • Exploitation requires the attacker to be authenticated as a manager-level user; alert on manager account logins followed by file upload activity to the web server.
  • Flag any .ASP files appearing in certificate upload directories on Advantech WebAccess/SCADA v9.1.3 and prior installations.
  • Exploitation requires high privileges (PR:H per CVSS vector), meaning the attacker must already hold manager-level credentials on the WebAccess/SCADA instance before the file upload attack can be executed.
  • No known public exploits specifically target this vulnerability at time of advisory publication.