Advantech R-SeeNet External Control of File Name or Path
Description
Advantech R-SeeNet version 2.4.22 allows low-level users to access and load the content of local files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Low-level users in Advantech R-SeeNet versions 2.4.22 and prior can read arbitrary local files due to lack of path validation.
Vulnerability
Advantech R-SeeNet versions 2.4.22 and prior contain an External Control of File Name or Path (CWE-73) vulnerability [1]. The application does not properly validate file paths supplied by authenticated low-privilege users, allowing them to access and load the content of arbitrary local files on the system [1].
Exploitation
An attacker with a low-privileged account on the R-SeeNet application can exploit this flaw remotely over the network with low attack complexity [1]. No user interaction is required. The attacker sends crafted requests to manipulate file path references, bypassing intended access restrictions [1].
Impact
Successful exploitation allows the attacker to read arbitrary files from the local filesystem, leading to disclosure of sensitive information such as configuration files containing credentials or other operational data [1]. This can escalate to full system compromise if combined with the hard-coded credential vulnerability (CVE-2023-2611) also present in the same product [1].
Mitigation
Advantech released R-SeeNet version 2.4.23, which fixes the vulnerability [1]. All users should upgrade immediately. The update can be obtained from Advantech's software portal [1]. CISA also recommends following least-privilege principles and minimizing network exposure for control systems as defensive measures [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.