CVE-2023-4215
CVE-2023-4215 is a medium-severity vulnerability in Advantech Webaccess with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1295.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- EPSS exploit prediction: 0% (37th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-1295
- Affected product: Advantech Webaccess
- Published:
- Last modified:
Description
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
Frequently asked questions
- What is CVE-2023-4215?
- Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
- How severe is CVE-2023-4215?
- CVE-2023-4215 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2023-4215 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (37th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-4215?
- CVE-2023-4215 affects Advantech Webaccess. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-4215?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2023-4215 published?
- CVE-2023-4215 was published on 2023-10-17 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:advantech:webaccess:9.1.3:*:*:*:*:*:*:*
More vulnerabilities in Advantech Webaccess
- CVE-2014-9208 — Critical (CVSS 10.0): Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote…
- CVE-2021-38389 — Critical (CVSS 9.8): Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an…
- CVE-2021-33023 — Critical (CVSS 9.8): Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker…
- CVE-2021-38408 — Critical (CVSS 9.8): A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper…
- CVE-2020-12019 — Critical (CVSS 9.8): WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to…
- CVE-2020-12022 — Critical (CVSS 9.8): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that…
All CVEs affecting Advantech Webaccess →
Other CWE-1295 vulnerabilities
- CVE-2024-38516 — High (CVSS 8.8): ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from…
- CVE-2025-31001 — High (CVSS 7.5): Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded…
- CVE-2024-45784 — High (CVSS 7.5): Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in…
- CVE-2023-5392 — High (CVSS 7.5): C300 information leak due to an analysis feature which allows extracting more memory over the network than required by…
- CVE-2025-42604 — Medium (CVSS 6.9): This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote…
- CVE-2025-2877 — Medium (CVSS 6.5): A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to…