Unrestricted file upload vulnerability in ICP DAS ET-7060

Posted date 07/09/2023

Identificador

INCIBE-2023-0376

Importance

4 - High

Affected Resources

ET-7060, version 3.00.

Description

INCIBE has coordinated the publication of 1 vulnerability in ICP DAS ET-7060, an ethernet module, which has been discovered by Joel Serna Moreno, from Titanium Industrial Security team.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

CVE-2023-4817: CVSS v3.1: 7,2 | CVSS: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-434.

Solution

There is no reported solution at this time.

Detail

CVE-2023-4817: unrestricted file upload vulnerability in ICP DAS ET-7060, affecting version 3.00. This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.

References list

Product sheet - ET-7060

Etiquetas

0day
CNA
Communications
Vulnerability