Headline
CVE-2023-4817: Unrestricted File Upload Vulnerability Icp Das Et 7060 | INCIBE-CERT
This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.
Affected Resources
ET-7060, version 3.00.
Description
INCIBE has coordinated the publication of 1 vulnerability in ICP DAS ET-7060, an ethernet module, which has been discovered by Joel Serna Moreno, from Titanium Industrial Security team.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-4817: CVSS v3.1: 7,2 | CVSS: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-434.
Solution
There is no reported solution at this time.
Detail
CVE-2023-4817: unrestricted file upload vulnerability in ICP DAS ET-7060, affecting version 3.00. This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.