Advantech Product Security Update Advisory
Overview
An update has been released to address vulnerabilities in Advantech Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-50370, CVE-2024-50371, CVE-2024-50372, CVE-2024-50373, CVE-2024-50374, CVE-2024-50376, CVE-2024-50359
- EKI-6333AC-2G versions: up to and including 1.6.3
- EKI-6333AC-2GD versions: up to and including 1.6.3
- EKI-6333AC-1GPO versions: up to and including 1.2.1
Resolved Vulnerabilities
- Remote command execution vulnerability in EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO (CVE-2024-50370, CVE-2024-50371, CVE-2024-50372, CVE-2024-50373, CVE-2024-50374)
- XSS vulnerability in EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO (CVE-2024-50376)
- Command injection vulnerability in EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO (CVE-2024-50359)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-50370, CVE-2024-50371, CVE-2024-50372, CVE-2024-50373, CVE-2024-50374, CVE-2024-50376, CVE-2024-50359
- EKI-6333AC-2G version: 1.6.5
- EKI-6333AC-2GD version: 1.6.5
- EKI-6333AC-1GPO version: 1.2.2
Referenced Sites
[1] CVE-2024-50370 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-50370
[2] CVE-2024-50371 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-50371
[3] CVE-2024-50372 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-50372
[4] CVE-2024-50373 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-50373
[5] CVE-2024-50374 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-50374
[6] CVE-2024-50376 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-50376
[7] CVE-2024-50359 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-50359
[8] FW of EKI-6333AC-2G & EKI-6333AC-2GD
https://www.advantech.com/en/support/details/firmware?id=1-1Y1Q6G7
[9] EKI-6333AC-1GPO Firmware for WorldWide (CA)
https://www.advantech.com/en/support/details/firmware?id=1-2NPZ6GU