CVE-2023-4203

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4203
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2023/Aug/13
https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:advantech:eki-1524_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1524:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:advantech:eki-1522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1522:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:advantech:eki-1521_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1521:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-08-08 11:15

Updated : 2023-08-14 19:15

NVD link : CVE-2023-4203

Mitre link : CVE-2023-4203

CVE.ORG link : CVE-2023-4203

JSON object : View

Products Affected

advantech

  • eki-1524
  • eki-1522
  • eki-1521_firmware
  • eki-1522_firmware
  • eki-1524_firmware
  • eki-1521
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')