Advantech R-SeeNet Use of Hard-coded Credentials
Description
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Advantech R-SeeNet versions 2.4.22 and prior contain a hard-coded root user with an unchangeable password, allowing remote unauthenticated attackers to gain full system access.
Vulnerability
Advantech R-SeeNet versions 2.4.22 and prior are installed with a hidden root-level user that is not listed in the users interface. This hidden user has a hard-coded password that cannot be changed by any legitimate user [1]. The flaw is classified as CWE-798 (Use of Hard-coded Credentials).
Exploitation
The vulnerability is remotely exploitable with low attack complexity. An attacker needs no prior authentication, user interaction, or special network position beyond reachability to the R-SeeNet service. By using the hard-coded credentials for the hidden root user, the attacker can authenticate to the application over the network [1].
Impact
Successful exploitation allows the attacker to gain root-level access to the R-SeeNet monitoring application. This gives them the ability to compromise all three pillars of security: confidentiality (reading sensitive data), integrity (modifying system files or configurations), and availability (potentially disrupting monitoring services). The CVSS v3 base score is 9.8 (Critical), with the vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [1].
Mitigation
Advantech released R-SeeNet version 2.4.23, which fixes this vulnerability. All users are strongly recommended to upgrade to this version immediately. Additionally, users should minimize network exposure for all control system devices and ensure the least-privilege principle is followed [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.