Unrestricted file upload vulnerability in ICP DAS ET-7060

Posted date 07/09/2023
4 - High
Affected Resources

ET-7060, version 3.00.


INCIBE has coordinated the publication of 1 vulnerability in ICP DAS ET-7060, an ethernet module, which has been discovered by Joel Serna Moreno, from Titanium Industrial Security team.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-4817: CVSS v3.1: 7,2 | CVSS: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-434.

There is no reported solution at this time.


CVE-2023-4817: unrestricted file upload vulnerability in ICP DAS ET-7060, affecting version 3.00. This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.

References list