CVE-2023-2866

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-351
View all →

Vulnerability Description

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.

Related Vulnerabilities

CVE-2020-10134

MEDIUM
CVSS:6.3(Medium)

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different...

CWE-3512020

CVE-2024-4769

MEDIUM
CVSS:5.9(Medium)

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn in...

CWE-3512024

CVE-2025-30510

CRITICAL
CVSS:9.8(Critical)

An attacker can upload an arbitrary file instead of a plant image.

CWE-3512025

CVE-2020-10134

MEDIUM
CVSS:6.3(Medium)

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different...

CWE-3512020

CVE-2024-4769

MEDIUM
CVSS:5.9(Medium)

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn in...

CWE-3512024

CVE-2025-47939

MEDIUM
CVSS:5.4(Medium)

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the...

CWE-3512025