CVE-2023-22450
Description
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Arbitrary file upload in Advantech WebAccess/SCADA <=9.1.3 allows manager users to upload ASP scripts leading to remote code execution.
Vulnerability
In Advantech WebAccess/SCADA versions 9.1.3 and prior, there is an unrestricted file upload vulnerability (CWE-434) that allows an attacker to upload an ASP script file to the webserver. The vulnerability requires the attacker to be authenticated as a manager user. [1]
Exploitation
An attacker who is logged in as a manager user can upload an ASP script file to the webserver. The attack is performed remotely, has low complexity, and requires no user interaction. The specific steps involve using the file upload functionality to upload a malicious ASP file. [1]
Impact
Successful exploitation allows arbitrary code execution on the server. The attacker can achieve high impact on confidentiality, integrity, and availability. The CVSS v3 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). [1]
Mitigation
As of the available reference, no fix has been disclosed. Users are advised to refer to Advantech's security advisory and apply any updates when they become available. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=9.1.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.