Rewterz

Rewterz Threat Advisory – ICS: Advantech WebAccess/SCADA Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-32540 CVSS:7.2

In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.

CVE-2023-22450 CVSS:7.2

In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as a manager user, which can lead to arbitrary code execution.

CVE-2023-32628 CVSS:7.2

In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.

Impact

  • Code Execution

Indicators Of Compromise

CVE

  • CVE-2023-32540
  • CVE-2023-22450
  • CVE-2023-32628

Affected Vendors

Advantech

Affected Products

  • WebAccess/SCADA versions 9.1.3 and prior

Remediation

Refer to the CISA-CERT Advisory for patch, upgrade, or suggested workaround information.

CISA-CERT Advisory
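
Until the upgrade is applied, a periodic sweep of the web server's content directory can surface the artifacts these three CVEs describe: script files that did not ship with the product, and certificate or XLS files that contain script markup. The following is an added example, not code from Rewterz, CISA or Advantech; the extension lists, the baseline set and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions handled as server-side script by classic ASP / ASP.NET.
SCRIPT_EXTS = {".asp", ".asa", ".aspx", ".ashx"}
# Data file types named in the advisory (certificates, XLS) that should never hold script.
DATA_EXTS = {".cer", ".crt", ".pem", ".pfx", ".xls"}
ASP_MARKERS = (b"<%", b"<script runat")


def audit_tree(root, baseline):
    """Return sorted (relative_path, reason) findings; baseline = known-good script paths."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTS and rel.lower() not in baseline:
                findings.append((rel, "script file not in baseline"))
            elif ext in DATA_EXTS:
                with open(full, "rb") as fh:
                    head = fh.read(65536).lower()
                if any(m in head for m in ASP_MARKERS):
                    findings.append((rel, "script markup inside data file"))
    return sorted(findings)


def demo():
    """Build a constructed directory tree (not real product paths) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "default.asp": b"<% Response.Write(\"home\") %>",  # in baseline
            "certs/site.cer": b"-----BEGIN CERTIFICATE-----\nMIIB\n",
            "certs/site.asp": b"-----BEGIN CERTIFICATE-----\nMIIB\n",  # renamed cert
            "reports/q1.xls": b"\xd0\xcf\x11\xe0<% placeholder %>",
        }
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_tree(root, baseline={"default.asp"})


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

In practice the baseline would be built from a clean installation of the same product version, with paths stored in lowercase.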
