CVE-2023-2611: 
Advantech R-SeeNet vulnerability analysis and mitigation

Advantech R-SeeNet version 2.4.22 and prior versions contain a critical security vulnerability identified as CVE-2023-2611. The vulnerability involves a hidden root-level user account that is not visible in the users list and contains a password that cannot be changed by users (CISA Advisory, CVE Details).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The specific flaw exists within the configuration of the database, where an additional user exists that is not visible in the web application. This vulnerability is classified under CWE-798 (Use of Hard-coded Credentials) (CISA Advisory, ZDI Advisory).

Successful exploitation of this vulnerability could allow remote attackers to bypass authentication on affected installations of Advantech R-SeeNet. An attacker can leverage this vulnerability to gain unauthorized access to the system with root-level privileges (ZDI Advisory).

Advantech has released R-SeeNet version 2.4.23 which fixes this vulnerability. Users are strongly recommended to upgrade to this version. Additionally, CISA recommends implementing defense-in-depth strategies, including ensuring least-privilege principles, minimizing network exposure, locating control system networks behind firewalls, and isolating them from business networks (CISA Advisory).