CVE-2023-32628
Published 2023-06-06
Priority P260 · critical · CVSS 3.1: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.71% (49.0th percentile)
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess_scada | <= 9.1.3 | — |
Detection & IOCs (extracted from sources)
- Monitor for certificate file uploads where the file extension has been changed to .ASP on Advantech WebAccess/SCADA web servers — this is the specific attack vector for CVE-2023-32628.
- Exploitation requires the attacker to be authenticated as a manager-level user; alert on manager account logins followed by file upload activity to the web server.
- Flag any .ASP files appearing in certificate upload directories on Advantech WebAccess/SCADA v9.1.3 and prior installations.
- Exploitation requires high privileges (PR:H per CVSS vector), meaning the attacker must already hold manager-level credentials on the WebAccess/SCADA instance before the file upload attack can be executed.
- No known public exploits specifically target this vulnerability at time of advisory publication.
GHSA
GHSA-fh4m-c7j6-hfcf (ghsa_unreviewed · 2023-06-06)
CVE-2023-32628 [CRITICAL] CWE-434
CISA ICS
cisa_ics · 2023-06-01 · CVSS 7.2
[HIGH] Advantech WebAccess/SCADA
ICS Advisory
## Advantech WebAccess/SCADA
Release Date: June 01, 2023
Alert Code: ICSA-23-152-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: WebAccess Node
- Vulnerabilities: Improper Control of Generation of Code ('Code Injection'), Unrestricted Upload of File with Dangerous Type
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to arbitrarily overwrite files resulting in remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Advantech products are affected:
- WebAccess/SCADA versions 9.1.3 and prior
## 3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-9
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.