CVE-2021-21917: 
Advantech R-SeeNet vulnerability analysis and mitigation

CVE-2021-21917 is a SQL injection vulnerability discovered in Advantech R-SeeNet version 2.4.15 (30.07.2021). The vulnerability exists in the 'group_list' page and specifically affects the 'ord' parameter. The vulnerability was discovered by Yuri Kramarz of Cisco Talos and was publicly disclosed on November 22, 2021 (Talos Report).

The vulnerability exists due to improper handling of the 'ord' parameter in the group_list.php file. The parameter is set as a session variable on line 105 and is later used to build an SQL query without proper parameter binding. The CVSS v3 base score is 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), indicating a high severity issue. The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (CISA Advisory).

Successful exploitation of this vulnerability could allow an authenticated attacker to perform SQL injection attacks against the database. The attacker could potentially retrieve sensitive information from the product's database through specially crafted HTTP requests (Talos Report).

Advantech has released version 2.4.17 to address this vulnerability. Users are recommended to update to this version or later. Additionally, CISA recommends minimizing network exposure for control system devices, ensuring they are not accessible from the Internet, and locating control system networks and remote devices behind firewalls (CISA Advisory).