Rewterz Threat Advisory – ICS: Multiple Advantech R-SeeNet Vulnerabilities

Rewterz Threat Advisory – CVE-2023-31469 – Apache StreamPipes Vulnerability

June 26, 2023

Rewterz Threat Advisory – CVE-2023-27992 – Zyxel NAS326 Vulnerability

June 26, 2023

Rewterz Threat Advisory – ICS: Multiple Advantech R-SeeNet Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-3256 CVSS:8.8

Advantech R-SeeNet could allow a remote authenticated attacker to bypass security restrictions, caused by the external control of a filename or path. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.

CVE-2023-2611 CVSS:9.8

Advantech R-SeeNet contains default hardcoded credentials. A remote attacker could exploit this vulnerability to gain access to the system.

Impact

Security Bypass
Gain Access

Indicators Of Compromise

CVE

CVE-2023-3256
CVE-2023-2611

Affected Vendors

Advantech

Affected Products

Advantech R-SeeNet 2.4.22

Remediation

Upgrade to the latest version of R-SeeNet, available from the Advantech Web site.

Advantech Web site

Rewterz Threat Advisory – CVE-2023-31469 – Apache StreamPipes Vulnerability

Rewterz Threat Advisory – CVE-2023-27992 – Zyxel NAS326 Vulnerability

Rewterz Threat Advisory – ICS: Multiple Advantech R-SeeNet Vulnerabilities

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan