CVE-2023-2866 Information

Description

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5 a web shell could be used to give the attacker full control of the SCADA server.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-23-150-01