CVE-2023-1437

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-822
View all →

Vulnerability Description

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

Related Vulnerabilities

CVE-2018-12548

CRITICAL
CVSS:9.8(Critical)

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native c...

CWE-8222018

CVE-2018-14811

CRITICAL
CVSS:9.8(Critical)

Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

CWE-8222018

CVE-2018-17893

CRITICAL
CVSS:9.8(Critical)

LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution.

CWE-8222018

CVE-2018-7497

CRITICAL
CVSS:9.8(Critical)

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce...

CWE-8222018

CVE-2023-43518

CRITICAL
CVSS:9.8(Critical)

Memory corruption in video while parsing invalid mp2 clip.

CWE-8222023

CVE-2020-17392

HIGH
CVSS:8.8(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code o...

CWE-8222020