ICSA-23-026-06
PUBLISHED
CVSS 7.5 HIGH
Successful exploitation of these vulnerabilities could have a high impact on the confidentiality, integrity, and availability of the vulnerable devices.
Risk Scores
CVSS 3.1
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | Products using GoAhead Web Server: 1732E-8IOLM12R | firmware version 2.011 |
| | Products using GoAhead Web Server: 1732E-IR4IM12R/A | firmware version 1.012 |
| | Products using GoAhead Web Server: 1769-AENTR | firmware version 1.001 |
| 31 | | |
| | Products using GoAhead Web Server: 1756-HIST2G/A (discontinued) | firmware versions up to and including 3.054 |
| | Products using GoAhead Web Server: 1732E-OF4M12R/A | firmware version 1.012 |
| | Products using GoAhead Web Server: 1732E-8CFGM8R/A | firmware version 1.012 |
| | Products using GoAhead Web Server: 1756-HIST1G/A (discontinued) | firmware versions up to and including 3.054 |
| | Products using GoAhead Web Server: 1756-EN2TSC/B | firmware version 10.01 |
| | Products using GoAhead Web Server: 1756-EN2TSC/B (discontinued) | firmware version 10.01 |
| | Products using GoAhead Web Server: 1732E-IB8M8SOER | firmware version 1.012 |
| | Products using GoAhead Web Server: 1732E-IT4IM12R/A | firmware version 1.012 |
| | Products using GoAhead Web Server: 5069-AEN2TR | firmware version 3.011 |
| | Products using GoAhead Web Server: 1756-HIST2G/B | firmware versions up to and including 5.103 |
| | Products using GoAhead Web Server: 1756-EN2T/D | firmware versions up to and including 11.001 |
| 28 | | |
| | Products using GoAhead Web Server: 1732E-OB8M8SR/A | firmware version 1.013 |
| | Products using GoAhead Web Server: 1732E-IF4M12R/A (discontinued) | firmware version 1.012 |
| | Products using GoAhead Web Server: 1756-EN2TR/C | firmware versions up to and including 11.001 |
| | Products using GoAhead Web Server: 1747-AENTR | firmware version 2.002 |
Exploit Intelligence
- CVE-2019-5096 (UAF in upload handler): exploit causes denial of service (github-poc)
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-026-06.json (circl)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-026-06 (circl)
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 (circl)
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf (circl)
- https://www.rockwellautomation.com/en-us/support/documentation/literature-library.html (circl)
Timeline
- Jan 26, 2023 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-026-06.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-026-06 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.rockwellautomation.com/en-us/support/documentation/literature-library.html fix