Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-31718
CVE-2023-31718:
JavaScript vulnerability analysis and mitigation
Overview
FUXA versions 1.1.12 and earlier contain a Local File Inclusion vulnerability via the /api/download endpoint. The vulnerability was discovered and disclosed in September 2023, affecting the FUXA web-based Process Visualization (SCADA/HMI/Dashboard) software (FUXA Product).
Technical details
The vulnerability exists in the /api/download endpoint which is designed to download reports from FUXA. The endpoint can be exploited to read local files through the HTTP GET 'name' parameter. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) (NVD Database).
Impact
The vulnerability allows attackers to read local files from the system where FUXA is installed. This could lead to unauthorized access to sensitive system files and potential information disclosure (CISA Bulletin).
Mitigation and workarounds
Users running FUXA version 1.1.12 or earlier should upgrade to a newer version that contains fixes for this vulnerability. No specific workarounds have been publicly documented.
Additional resources
Source: This report was generated using AI
Related JavaScript vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management