CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.

CWE 1 Total

Learn more

CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
9.0	CRITICAL	3.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

Credits

R. Haas finder
A. Resanovic finder
T. Etzenberger finder
M. Bineder finder

References 3 Total

https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/
external site
http://seclists.org/fulldisclosure/2023/Aug/13
external site
http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html
external site

Updated: 2024-08-02

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/
external site
x_transferred
http://seclists.org/fulldisclosure/2023/Aug/13
external site
x_transferred
http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html
external site
x_transferred

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: CyberDanube

Description

CWE 1 Total

CVSS 1 Total

Product Status

Credits

References 3 Total

CVE Program

References 3 Total

Authorized Data Publishers

CISA-ADP