Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
14 Aug 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
11 Aug 2023, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
11 Aug 2023, 17:25
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| First Time |
Advantech eki-1521 Firmware
Advantech eki-1524 Advantech Advantech eki-1522 Firmware Advantech eki-1522 Advantech eki-1521 Advantech eki-1524 Firmware |
|
| CWE | CWE-79 | |
| CPE | cpe:2.3:o:advantech:eki-1522_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:advantech:eki-1524:-:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-1521_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:advantech:eki-1521:-:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-1524_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:advantech:eki-1522:-:*:*:*:*:*:*:* |
|
| References | (MISC) https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ - Exploit, Third Party Advisory |
08 Aug 2023, 12:51
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-08 11:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-4202
Mitre link : CVE-2023-4202
CVE.ORG link : CVE-2023-4202
JSON object : View
Products Affected
advantech
- eki-1524_firmware
- eki-1522_firmware
- eki-1521_firmware
- eki-1524
- eki-1522
- eki-1521
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')