Hello!
To view this content, please sign up or log in – it’s free and easy! Stay ahead with curated regulatory insights designed for professionals like you.
Brief
Here is a summary of the document in a concise format:
Summary:
Advantech has announced two Cross-Site Scripting (XSS) vulnerabilities, CVE-2023-4202 and CVE-2023-4203, affecting its EKI-1524-CE, EKI-1522-CE, and EKI-1521-CE serial device servers. The vulnerabilities have a CVSS v3 base score of 5.4 and can be exploited remotely by authenticated users. The affected devices are vulnerable due to stored XSS vulnerabilities in the device name field and ping tool of the web interface. The vulnerabilities can allow an attacker to execute code in the context of the session. Advantech recommends upgrading to the latest version (v1.26) to mitigate the risks. CISA also provides guidelines for minimizing the risk of exploitation, including upgrading, isolating devices, and implementing defensive measures.
Highlights content goes here...
Hello!
To view this content, please sign up or log in – it’s free and easy! Stay ahead with curated regulatory insights designed for professionals like you.
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
