The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software.
R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from individual routers in the network and records the data into a SQL database. The vulnerabilities Talos discovered exist in various scripts inside of R-SeeNet's web applications.
There is also a file inclusion vulnerability that could allow an attacker to execute arbitrary PHP commands. TALOS-2021-1273 (CVE-2021-21804) exists in R-SeeNet's options.php script functionality and could be triggered via a malicious HTTP request.
Talos is disclosing these vulnerabilities despite no official update from Advantech inside the 90-day deadline, as outlined in Cisco’s vulnerability disclosure policy.
Users are encouraged to update this affected product as soon as possible: Advantech R-SeeNet, version 2.4.12 (20.10.2020). Talos tested and confirmed that this version of R-SeeNet could be exploited through this vulnerability.
The following SNORT® rules will detect exploitation attempts against this vulnerability: 57290 - 57293, 57305 - 57309, 57338 and 57339. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
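Alongside the network rules, web server access logs can be reviewed for requests to options.php whose parameters look like file paths. The sketch below is an added example, not Talos or Advantech code. It assumes a combined-format access log, and because the advisory does not name the affected parameter it applies generic file-inclusion indicators to every query parameter; the `/app/` path and parameter names in the sample are placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request portion of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Generic file-inclusion indicators in a parameter value (not taken from the advisory).
SUSPICIOUS = [
    ("path traversal", re.compile(r"\.\.[/\\]")),
    ("absolute path", re.compile(r"^(/|[A-Za-z]:[/\\])")),
    ("stream wrapper or remote URL", re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)),
    ("null byte", re.compile(r"\x00")),
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252f) so encoded indicators are still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def scan_line(line, script="options.php"):
    """Return (ip, status, parameter, reason) findings for one access log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/" + script):
        return []
    findings = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)
        for reason, pattern in SUSPICIOUS:
            if pattern.search(value):
                findings.append((m.group("ip"), int(m.group("status")), name, reason))
    return findings

def scan_log(lines):
    return [finding for line in lines for finding in scan_line(line)]

# Constructed sample lines, not real traffic; "/app/" and the parameter names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2021:10:00:01 +0000] "GET /app/options.php?tab=general HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2021:10:02:13 +0000] "GET /app/options.php?x=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A finding with a 200 status deserves closer review than one with a 4xx status, but neither confirms nor rules out exploitation on its own.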