First published: Thu Jun 22 2023(Updated: )
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Advantech R-SeeNet | <=2.4.22 | |
Advantech R-SeeNet: versions 2.4.22 and prior |
Advantech released R-SeeNet 2.4.23, which fixes both vulnerabilities. All users are recommended to upgrade to this version: https://icr.advantech.cz/products/software/r-seenet https://icr.advantech.cz/products/software/r-seenet
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-2611 is critical with a severity value of 9.8.
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that cannot be found in the users list, and the password for this user cannot be changed.
Advantech R-SeeNet versions up to and including 2.4.22 are affected by CVE-2023-2611.
There is no known fix or patch available for CVE-2023-2611 at the moment. It is recommended to follow the guidance provided by the vendor or product manufacturer.
You can find more information about CVE-2023-2611 at the following reference URL: https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02