[EN] St. Pölten UAS | Multiple Vulnerabilities in Advantech EKI-15XX Series

Title: Multiple Vulnerabilities Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series Vulnerable version: <=1.21 (CVE-2023-4202), <=1.24 (CVE-2023-4203) Fixed version: 1.26 CVE: CVE-2023-4202, CVE-2023-4203 Impact: Medium Homepage: https://advantech.com Found: 2023-05-04 By: R. Haas, A. Resanovic, T. Etzenberger, M. Bineder Disclaimer: This vulnerability was discovery during research at St. Pölten UAS, supported and coordinated by CyberDanube. Advantech EKI-1524/1522/1521 devices are prone to multiple Stored Cross-Site Scripting (XSS). "Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms....

[EN] Multiple Vulnerabilities in Advantech EKI-15XX Series

Title: Multiple Vulnerabilities Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series Vulnerable version: 1.21 Fixed version: 1.24 CVE: CVE-2023-2573, CVE-2023-2574, CVE-2023-2575 Impact: High Homepage: https://advantech.com Found: 2023-03-06 Advantech EKI-1524/1522/1521 devices are prone to authenticated command injections and a buffer overflow vulnerability. These vulnerabilities can be used to execute arbitrary commands on OS level. "Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms. To embrace the trends of IoT, big data, and artificial...

[EN] Multiple Vulnerabilities in Korenix JetWave Series

Title: Multiple Vulnerabilities Product: JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, JetWave 2414/2114, JetWave 2424, JetWave 2460, JetWave 3220/3420 V3 Vulnerable version: See "Vulnerable Versions" Fixed version: See "Solution" CVE: CVE-2023-23294, CVE-2023-23295, CVE-2023-23296 Impact: High Homepage: https://korenix.com Found: 2022-11-28 Multiple JetWave products from Korenix are prone to command injection and denial of service (DoS) vulnerabilities. “Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. […] Our products...

[EN] Authenticated Command Injection in Delta Electronics DVW-W02W2-E2

Title: Authenticated Command Injection Product: Delta Electronics DVW-W02W2-E2 Vulnerable version: V2.42 Fixed version: V2.5.2 CVE: CVE-2022-42139 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DVW-W02W2-E2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide innovative, clean and energy -efficient solutions for a better tomorrow," focuses on addressing key environmental issues such as global climate change. As an energy-saving...

[EN] Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN

Title: Multiple Vulnerabilities Product: Delta Electronics DX-2100-L1-CN Vulnerable version: V1.5.0.10 Fixed version: V1.5.0.12 CVE: CVE-2022-42140, CVE-2022-42141 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DX-2100-L1-CN is prone to authenticated command injection and a stored cross-site scripting (XSS) vulnerability. The XSS vulnerability can be used to execute arbitrary commands in the context of a user's browser. The command injection allows an attacker to execute system commands on the device itself. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide...

[EN] Authenticated Command Injection in Hirschmann (Belden) BAT-C2

Title: Multiple Critical Vulnerabilities Product: Hirschmann (Belden) BAT-C2 Vulnerable version: 8.8.1.0R8 Fixed version: 09.13.01.00R04 CVE: CVE-2022-40282 Impact: High Homepage: https://hirschmann.com/ | https://beldensolutions.com Found: 2022-08-01 Hirschmann BAT-C2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "The Technology and Market Leader in Industrial Networking. Hirschmann™ develops innovative solutions, which are geared towards its customers’ requirements in terms of performance, efficiency and investment reliability." Source: https://beldensolutions.com/en/Company/About_Us/belden_brands/index.phtml Hirschmann (Belden) BAT-C2 1) Authenticated Command Injection The web server of the device is prone to an...

[EN] Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Title: Authenticated Command Injection Product: Intelbras WiFiber 120AC inMesh Vulnerable version: 1.1-220216 Fixed version: 1-1-220826 CVE: CVE-2022-40005 Impact: High Homepage: https://www.intelbras.com Found: 2022-08-01 The Intelbras WiFiber 120AC inMesh is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "We are Intelbras. A company that for 45 years has been offering innovative solutions in security, networks, communication and energy. Our dream began to come to life there in 1976, in the city of São José, having originated from an...