Advantech Products Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in multiple Advantech products, including the WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN models. This vulnerability allows an attacker to inject malicious scripts into device fields, which are then executed in the browsers of other users. The exploitation of this vulnerability could lead to session hijacking, defacement, credential theft, or privilege escalation.
Impact
Exploitation of this vulnerability could result in session hijacking, defacement, credential theft, or privilege escalation.
Remediation
Users and administrators of affected Advantech products are advised to enable the Security Mode feature, which restricts access to unsecured web interfaces and disables unnecessary services. Additionally, for the WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN models, users should update to the latest firmware version A2.02 B00, which addresses this vulnerability and includes the option to disable Modbus TCP communication if not needed.
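An inventory check built on the remediation steps above, added here as an example; it is not part of the original advisory or of Advantech's tooling. It flags affected models running firmware older than A2.02 B00, devices without Security Mode, and stored field values that contain markup. The record schema (`host`, `model`, `firmware`, `security_mode`, `fields`), the sample data, and the version-string format and ordering are assumptions.

```python
import re
from html import escape

AFFECTED_MODELS = {"WISE-4010LAN", "WISE-4050LAN", "WISE-4060LAN"}  # from the advisory
FIXED_FIRMWARE = "A2.02 B00"                                        # from the advisory

# Assumption: versions look like "A<major>.<minor> B<build>" and order numerically.
VERSION_RE = re.compile(r"^A(\d+)\.(\d+)\s+B(\d+)$")
# Characters a plain-text device label rarely needs and HTML injection relies on.
MARKUP_RE = re.compile(r"[<>\"']")


def parse_firmware(version):
    """Return (major, minor, build) or raise ValueError on an unknown format."""
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised firmware string {version!r}")
    return tuple(int(part) for part in match.groups())


def audit_device(record):
    """Return a list of findings for one inventory record (hypothetical schema)."""
    findings = []
    if record["model"] in AFFECTED_MODELS:
        try:
            if parse_firmware(record["firmware"]) < parse_firmware(FIXED_FIRMWARE):
                findings.append(f"firmware older than {FIXED_FIRMWARE}")
        except ValueError as exc:
            findings.append(f"{exc}: check manually")
    if not record.get("security_mode"):
        findings.append("Security Mode not enabled")
    for name, value in record.get("fields", {}).items():
        if MARKUP_RE.search(value):
            # Escape before reporting so the report itself cannot carry markup.
            findings.append(f"field {name} holds markup: {escape(value)}")
    return findings


# Constructed sample inventory; hosts, field names and values are made up.
INVENTORY = [
    {"host": "wise-a", "model": "WISE-4050LAN", "firmware": "A2.01 B03",
     "security_mode": False, "fields": {"module_name": "Pump room"}},
    {"host": "wise-b", "model": "WISE-4010LAN", "firmware": "A2.02 B00",
     "security_mode": True, "fields": {"module_name": "<b>Tank 3</b>"}},
    {"host": "wise-c", "model": "WISE-4060LAN", "firmware": "A2.02 B00",
     "security_mode": True, "fields": {"module_name": "Boiler"}},
]

if __name__ == "__main__":
    for device in INVENTORY:
        print(device["host"], audit_device(device) or "ok")
```

A markup finding on a patched device still deserves review, since a value stored before the update remains in the field until it is overwritten.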
