Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVE-2023-1437
Vulnerability Description
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
非可信指针解引用
Vulnerability Title
Advantech WebAccess/SCADA 缓冲区错误漏洞
Vulnerability Description
Advantech WebAccess/SCADA是中国研华(Advantech)公司的一套基于浏览器架构的SCADA软件。该软件支持动态图形显示和实时数据控制,并提供远程控制和管理自动化设备的功能。 Advantech WebAccess SCADA 9.1.4之前版本存在缓冲区错误漏洞,该漏洞源于容易受到不受信任指针的影响,客户端发送给客户端的 RPC 参数可以包含原始内存指针,供服务器按原样使用,这可能允许攻击者获得对远程文件系统的访问权限以及执行命令和覆盖文件的能力。
CVSS Information
N/A
Vulnerability Type
N/A