CVE-2023-4203

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:advantech:eki-1524_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1524:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:advantech:eki-1522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1522:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:advantech:eki-1521_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1521:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 9.0
References () http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html - () http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html -
References () http://seclists.org/fulldisclosure/2023/Aug/13 - () http://seclists.org/fulldisclosure/2023/Aug/13 -
References () https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ - Exploit, Third Party Advisory () https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ - Exploit, Third Party Advisory
Summary
  • (es) Los dispositivos Advantech EKI-1524, EKI-1522, EKI-1521 hasta la versión 1.21 están afectados por una vulnerabilidad Cross-Site Scripting (XSS) Almacenado, que puede ser activada por usuarios autenticados en la herramienta ping de la interfaz web.

14 Aug 2023, 19:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html -

11 Aug 2023, 22:15

Type Values Removed Values Added
References
  • (MISC) http://seclists.org/fulldisclosure/2023/Aug/13 -

11 Aug 2023, 17:26

Type Values Removed Values Added
References (MISC) https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ - (MISC) https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ - Exploit, Third Party Advisory
CWE CWE-79
First Time Advantech eki-1524 Firmware
Advantech eki-1524
Advantech eki-1522 Firmware
Advantech eki-1521 Firmware
Advantech
Advantech eki-1522
Advantech eki-1521
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CPE cpe:2.3:h:advantech:eki-1521:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1522:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-1524:-:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-1522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-1521_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-1524_firmware:*:*:*:*:*:*:*:*

08 Aug 2023, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-08 11:15

Updated : 2024-11-21 08:34


NVD link : CVE-2023-4203

Mitre link : CVE-2023-4203

CVE.ORG link : CVE-2023-4203


JSON object : View

Products Affected

advantech

  • eki-1524
  • eki-1522
  • eki-1522_firmware
  • eki-1521
  • eki-1521_firmware
  • eki-1524_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')