CVE-2023-4215
published 2023-10-17CVE-2023-4215: Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.46%
36.8th percentile
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m6vw-rhwf-xjxq: Advantech WebAccess version 9
ghsa_unreviewed·2023-10-17
CVE-2023-4215 [HIGH] CWE-1295 GHSA-m6vw-rhwf-xjxq: Advantech WebAccess version 9
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
CISA ICS
Advantech WebAccess
cisa_ics·2023-10-12·CVSS 6.5
[MEDIUM] Advantech WebAccess
ICS Advisory
##
Advantech WebAccess
Release DateOctober 12, 2023
Alert CodeICSA-23-285-15
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: WebAccess
- Vulnerability: Debug Messages Revealing Unnecessary Information
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could leak user credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Advantech WebAccess, are affected:
- Advantech WebAccess: Version 9.1.3.
## 3.2 Vulnerability Overview
3.2.1 DEBUG MESSAGES REVEALING UNNECESSARY INFORMATION CWE-1295
Advantech WebAccess Version 9.1.3 could expose user credentials to an unauthorized actor. When configuring or modifyi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-10-17
Published