Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech. The application allows network administrators to monitor Advantech routers in their infrastructure.
The monitoring tool collects information from routers in the network and stores it into a SQL database. The flaws discovered by Talos reside in several scripts inside of R-SeeNet’s web applications.
“There is also a file inclusion vulnerability that could allow an attacker to execute arbitrary PHP commands. TALOS-2021-1273 (CVE-2021-21804) exists in R-SeeNet’s options.php script functionality and could be triggered via a malicious HTTP request.”
The flaws affect R-SeeNet version 2.4.12 and Talos team reported them to Advantech in March.
The experts decided to publicly disclose the vulnerabilities after Advantech failed to address them within the 90-day deadline, they also published proof-of-concept (PoC) exploits for the issues.
Cisco Talos also released SNORT rules 57290 – 57293, 57305 – 57309, 57338 and 57339, to detect exploitation attempts against the above flaws
(SecurityAffairs – hacking, Advantech)