Vulnerability Summary:
- Multiple stored cross-site scripting (XSS) vulnerabilities were identified in Advantech EKI 15XX Series products.
- Vulnerable products include the EKI-1524-CE, EKI-1522-CE, and EKI-1521-CE series at specific firmware versions.
- Related CVE numbers: CVE-2023-4202, CVE-2023-4203.
- Affected vendor and products: Advantech, specifically the EKI series products listed above.
- The vulnerabilities affect the "Device Name" field and the "Ping" tool functionality in the firmware, leading to potential security risks.

Solution and Recommendation:
- The solution is to upgrade to the latest firmware, version 1.26 or above, as per vendor communication.
- No workaround is provided other than the firmware update.
- Advantech customers are advised to upgrade promptly to eliminate the risk.

Timeline and Coordination:
- The issues were identified and communicated to the vendor between late May and June, with an official firmware release and public disclosure as of late August 2023.
- Collaboration between St. Pölten UAS and Advantech is noted for the coordinated release process.