CVE-2021-21925: 
Advantech R-SeeNet vulnerability analysis and mitigation

CVE-2021-21925 is a SQL injection vulnerability discovered in Advantech R-SeeNet version 2.4.15. The vulnerability exists in the 'device_list' page where a specially-crafted HTTP request can lead to SQL injection through the 'firm_filter' parameter. This vulnerability was disclosed on November 22, 2021, and affects the Advantech R-SeeNet monitoring application used for collecting information from individual routers in the network (Talos Intelligence).

The vulnerability occurs due to misuse of prepared statements in conjunction with stored procedures and SQL concatenation. When variables used to build SQL queries are initially sanitized, they lose that protection when invoked against the database. The vulnerability specifically exists in the 'firm_filter' parameter where the application sets it as a session variable on line 264 of device_list.php. The parameter is then used on line 609 to build a SQL query which gets executed on line 869, allowing for SQL injection (Talos Intelligence). The vulnerability has been assigned a CVSS v3.1 base score of 7.7 HIGH with the vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (CISA).

A successful exploitation of this vulnerability could allow an attacker to retrieve any information from the product's database. The attack can be performed by any authenticated user or through cross-site request forgery (Talos Intelligence).

Advantech recommends updating to Version 2.4.17 or later to address this vulnerability. CISA also recommends users take defensive measures including minimizing network exposure for all control system devices, ensuring they are not accessible from the Internet, and locating control system networks and remote devices behind firewalls isolated from the business network (CISA).