| |
Podatność CVE-2023-1437
Publikacja: 2023-08-02 Modyfikacja: 2023-08-03
| Opis: |
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. |
Typ:
CWE-822 (Untrusted Pointer Dereference)
Referencje: |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-02
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English