CVE-2023-4203
Published 2023-08-08
CVE-2023-4203: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by…
Priority P425 · medium · 5.4 (CVSS 3.1)
AV:N · AC:L · PR:L · UI:R · S:C · C:L · I:L · A:N
EPSS: 0.87% (54.2th percentile)
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | eki-1521 | <= 1.24 | — |
| advantech | eki-1521_firmware | <= 1.24 | — |
| advantech | eki-1522 | <= 1.24 | — |
| advantech | eki-1522_firmware | <= 1.24 | — |
| advantech | eki-1524 | <= 1.24 | — |
| advantech | eki-1524_firmware | <= 1.24 | — |
| openssl | openssl | >= 0 < 1.1.1-1ubuntu2.1~18.04.21 | 1.1.1-1ubuntu2.1~18.04.21 |
| openssl | openssl | >= 0 < 1.1.1f-1ubuntu2.17 | 1.1.1f-1ubuntu2.17 |
| openssl | openssl | >= 0 < 3.0.2-0ubuntu1.8 | 3.0.2-0ubuntu1.8 |
CVSS provenance
nvd · v3.1 · 5.4 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv · 4.9 · MEDIUM
GHSA
GHSA-mfq6-hv3w-q46x: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1
ghsa_unreviewed·2023-08-08
CVE-2023-4203 [MEDIUM] CWE-79 GHSA-mfq6-hv3w-q46x: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
OSV
openssl vulnerabilities
osv·2023-02-07·CVSS 4.9
CVE-2023-0286 openssl vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286)
Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203)
Hubert Kario discovered that OpenSSL had a timing based side channel in the OpenSSL RSA Decryption implementation. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2022-4304)
Dawei Wang discovered that OpenSSL incor
CISA ICS
Advantech EKI-1524-CE series
cisa_ics·2023-09-26·CVSS 9.0
[CRITICAL] Advantech EKI-1524-CE series
ICS Advisory
## Advantech EKI-1524-CE series
Release Date: September 26, 2023
Alert Code: ICSA-23-269-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.4
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Advantech
- Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE
- Vulnerabilities: Cross-Site Scripting
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the session.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Advantech serial device servers are affected:
- EKI-1524-CE series: versions 1.24 and prior
- EKI-1522-CE series: versions 1.24 and prior
- EKI-1521-CE series: versions 1.24 and prior
## 3.2 Vulnerability Ove
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2023/Aug/13
- https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/
Published: 2023-08-08