ID

VAR-202310-0320


CVE

CVE-2023-4215


TITLE

Information disclosure vulnerability in Advantech WebAccess

Trust: 0.8

sources: JVNDB: JVNDB-2023-003824

DESCRIPTION

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. The following vulnerability exists in WebAccess, provided by Advantech: information leak (CWE-200) - CVE-2023-4215. If the vulnerability is exploited, the following impact may occur: when account information is configured or changed on the device, user credentials are stolen using the Cloud Agent Debug service. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech, a Chinese company. The software supports dynamic graphic display and real-time data control, and provides the function of remote control and management of automation equipment.

Trust: 2.16

sources: NVD: CVE-2023-4215 // JVNDB: JVNDB-2023-003824 // CNVD: CNVD-2024-07863

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-07863

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: eq, version: 9.1.3

Trust: 1.6

vendor: アドバンテック株式会社, model: webaccess, scope: eq, version: -

Trust: 0.8

vendor: アドバンテック株式会社, model: webaccess, scope: eq, version: version 9.1.3

Trust: 0.8

sources: CNVD: CNVD-2024-07863 // JVNDB: JVNDB-2023-003824 // NVD: CVE-2023-4215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-4215
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2023-4215
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2023-003824
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-07863
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-07863
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-4215
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2023-4215
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-003824
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-07863 // JVNDB: JVNDB-2023-003824 // NVD: CVE-2023-4215 // NVD: CVE-2023-4215

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-1295

Trust: 1.0

problemtype: information leak (CWE-200) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-003824 // NVD: CVE-2023-4215

PATCH

title: WebAccess/SCADA, url: https://www.advantech.com/en/support/details/installation?id=1-MS9MJV

Trust: 0.8

title: Patch for Advantech WebAccess Information Disclosure Vulnerability (CNVD-2024-07863), url: https://www.cnvd.org.cn/patchInfo/show/525696

Trust: 0.6

sources: CNVD: CNVD-2024-07863 // JVNDB: JVNDB-2023-003824

EXTERNAL IDS

db: NVD, id: CVE-2023-4215

Trust: 3.2

db: ICS CERT, id: ICSA-23-285-15

Trust: 1.8

db: JVN, id: JVNVU93637774

Trust: 0.8

db: JVNDB, id: JVNDB-2023-003824

Trust: 0.8

db: CNVD, id: CNVD-2024-07863

Trust: 0.6

sources: CNVD: CNVD-2024-07863 // JVNDB: JVNDB-2023-003824 // NVD: CVE-2023-4215

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-4215

Trust: 1.4

url: https://jvn.jp/vu/jvnvu93637774/index.html

Trust: 0.8

sources: CNVD: CNVD-2024-07863 // JVNDB: JVNDB-2023-003824 // NVD: CVE-2023-4215

SOURCES

db: CNVD, id: CNVD-2024-07863
db: JVNDB, id: JVNDB-2023-003824
db: NVD, id: CVE-2023-4215

LAST UPDATE DATE

2025-03-14T22:49:39.837000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-07863, date: 2024-02-05T00:00:00
db: JVNDB, id: JVNDB-2023-003824, date: 2024-05-22T07:49:00
db: NVD, id: CVE-2023-4215, date: 2024-10-24T17:15:14.653

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-07863, date: 2024-02-06T00:00:00
db: JVNDB, id: JVNDB-2023-003824, date: 2023-10-16T00:00:00
db: NVD, id: CVE-2023-4215, date: 2023-10-17T00:15:11.327