The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software.

R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from individual routers in the network and records the data into a SQL database. The vulnerabilities Talos discovered exist in various scripts inside of R-SeeNet's web applications.

TALOS-2021-1270 (CVE-2021-21799), TALOS-2021-1271 (CVE-2021-21800) and TALOS-2021-1272 (CVE-2021-21801 - CVE-2021-21803) are all vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the context of the targeted user's browser. An adversary could exploit any of these vulnerabilities by sending the target a malicious URL and tricking the user into opening it. Another command execution vulnerability, TALOS-2021-1274 (CVE-2021-21805), could allow an adversary to execute OS commands by sending the targeted device a specially crafted HTTP request.

There is also a file inclusion vulnerability that could allow an attacker to execute arbitrary PHP commands. TALOS-2021-1273 (CVE-2021-21804) exists in R-SeeNet's options.php script functionality and could be triggered via a malicious HTTP request.

Talos is disclosing these vulnerabilities despite no official update from Advantech inside the 90-day deadline, as outlined in Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Advantech R-SeeNet, version 2.4.12 (20.10.2020). Talos tested and confirmed these versions of R-SeeNet could be exploited by this vulnerability.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 57290 – 57293, 57305 - 57309, 57338 and 57339. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.