Vulnerabilities related to advantech - iview
var-202102-0523
Vulnerability from variot
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Advantech iView contains an SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView; no further information about it is available at present, so watch for announcements from CNNVD or the manufacturer. Note that this text is aggregated from several sources, which score the prerequisites differently: the NVD CVSS v3.1 vector in the record below uses PR:N (9.8, Critical), while the ZDI vector uses PR:L (8.8, High).
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-191" } ], "trust": 0.7 }, "cve": "CVE-2021-22658", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22658", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-13242", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 
10.0, "id": "VHN-381095", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22658", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22658", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2021-22658", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22658", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2021-22658", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2021-22658", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-13242", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-805", "trust": 0.6, "value": "CRITICAL" }, { "author": 
"VULHUB", "id": "VHN-381095", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "description": { "_id": null, "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22658" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22658", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-191", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003419", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12344", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-13242", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-805", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381095", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "id": "VAR-202102-0523", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-13242" } ] }, "last_update_date": "2024-11-23T21:58:48.758000Z", "patch": { "_id": null, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, 
{ "title": "Patch for Advantech iView SQL injection vulnerability (CNVD-2021-13242)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249611" }, { "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142089" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-191/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22658" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-191", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-13242", "ident": null }, { "db": "VULHUB", "id": "VHN-381095", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-003419", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-805", "ident": null }, { "db": "NVD", "id": "CVE-2021-22658", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": 
"ZDI-21-191", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13242", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381095", "ident": null }, { "date": "2021-10-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003419", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-805", "ident": null }, { "date": "2021-02-11T18:15:17.270000", "db": "NVD", "id": "CVE-2021-22658", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-191", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13242", "ident": null }, { "date": "2021-02-12T00:00:00", "db": "VULHUB", "id": "VHN-381095", "ident": null }, { "date": "2021-10-26T08:49:00", "db": "JVNDB", "id": "JVNDB-2021-003419", "ident": null }, { "date": "2021-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-805", "ident": null }, { "date": "2024-11-21T05:50:25.247000", "db": "NVD", "id": "CVE-2021-22658", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-805" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech\u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003419" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-805" } ], "trust": 0.6 } }
var-202209-1749
Vulnerability from variot
An SQL injection vulnerability exists in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. iView, provided by Advantech, contains the following vulnerability: SQL injection (CWE-89) - CVE-2022-3323. As of December 9, 2022, it has been confirmed that demonstration code for this vulnerability has been released. If the vulnerability is exploited, the following impact is possible: sensitive information of the product may be stolen by a remote third party. Because the flaw is described as reachable without authentication and demonstration code is public, network exposure of the iView web service (TCP port 8080 by default) is the first thing to check when triaging this entry.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1749", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "lte", "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5_7_04_6469 and earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "cve": "CVE-2022-3323", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-3323", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-3323", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-3323", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-3323", 
"trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202209-2819", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. Advantech Provided by the company iView The following vulnerabilities exist in. It was * SQL injection (CWE-89) - CVE-2022-3323 It was 2022 Year 12 Moon 9 As of today, we have confirmed that the demonstration code for this vulnerability has been released.If the vulnerability is exploited, it may be affected as follows. 
It was * Sensitive information of the product is stolen by a remote third party", "sources": [ { "db": "NVD", "id": "CVE-2022-3323" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "VULHUB", "id": "VHN-430947" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-3323", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2022-32", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU92856810", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-342-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-002776", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.6439", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2819", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-430947", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "id": "VAR-202209-1749", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-430947" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:53:01.947000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "iView\u00a0-\u00a0Webserver\u00a0version", "trust": 0.8, "url": "https://www.advantech.com/en/support/details/firmware?id=1-HIPU-183" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.tenable.com/security/research/tra-2022-32" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92856810/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3323" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-01" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-3323/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6439" } ], "sources": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-27T00:00:00", "db": "VULHUB", "id": "VHN-430947" }, { "date": "2022-12-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "date": "2022-09-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2819" }, { 
"date": "2022-09-27T23:15:15.867000", "db": "NVD", "id": "CVE-2022-3323" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-29T00:00:00", "db": "VULHUB", "id": "VHN-430947" }, { "date": "2022-12-12T05:43:00", "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "date": "2022-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "date": "2022-09-29T16:41:35.093000", "db": "NVD", "id": "CVE-2022-3323" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2819" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0 Made \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2819" } ], "trust": 0.6 } }
var-202205-1116
Vulnerability from variot
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd.'s iView contains an SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the device_get_community and device_set_community elements of the addDeviceTreeItem action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Note that every CVSS vector in the record below uses PR:H, so the scores do not reflect the authentication-bypass remark.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1116", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" } ], "trust": 1.4 }, "cve": "CVE-2022-2137", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2022-2137", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": 
"LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2022-2137", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2137", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2137", "trust": 1.4, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2137", "trust": 1.0, "value": "MEDIUM" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2137", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-2137", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202206-2717", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. 
iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the device_get_community and device_set_community elements of the addDeviceTreeItem action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM", "sources": [ { "db": "NVD", "id": "CVE-2022-2137" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2137", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013715", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16746", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-927", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16745", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-926", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2717", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426271", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2137", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": 
"ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" }, { "db": "VULMON", "id": "CVE-2022-2137" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "id": "VAR-202205-1116", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426271" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.076000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201806" }, { "title": "", "trust": 0.1, "url": "https://github.com/ExpLangcn/FuYao-Go " } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULMON", "id": "CVE-2022-2137" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426271" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.9, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2137" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2137/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" }, { "db": "VULMON", "id": "CVE-2022-2137" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-927" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-926" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426271" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "date": "2022-07-22T15:15:08.237000", "db": "NVD", "id": "CVE-2022-2137" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-927" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-926" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426271" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "date": "2022-07-28T20:10:50.920000", "db": "NVD", "id": "CVE-2022-2137" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2717" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2717" } ], "trust": 0.6 } }
var-202007-0399
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. It may also be put into a denial-of-service (DoS) state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of user-supplied data prior to further processing. Advantech iView is a device management application provided by Advantech. The record below cites ICS-CERT advisory ICSA-20-196-01 and notes that Advantech has issued an update to correct this vulnerability.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007697" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-834" } ], "trust": 0.7 }, "cve": "CVE-2020-14503", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14503", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-007697", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, 
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-54157", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167388", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14503", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007697", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, 
"id": "CVE-2020-14503", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14503", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-007697", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-14503", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-54157", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-958", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167388", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. (DoS) It may be put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of user-supplied data prior to further processing. 
Advantech iView is a device management application provided by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2020-14503" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14503", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-834", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-007697", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10646", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-54157", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-958", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47219", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167388", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "id": "VAR-202007-0399", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-54157" } ] }, "last_update_date": "2024-11-23T21:35:34.664000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView input verification vulnerability 
(CVE-2020-14503)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/235648" }, { "title": "Advantech iView Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124488" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14503" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-834/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14503" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47219" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-834", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-54157", "ident": null }, { "db": "VULHUB", "id": "VHN-167388", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-007697", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202007-958", "ident": null }, { "db": "NVD", "id": "CVE-2020-14503", "ident": null } ] }, 
"sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-834", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54157", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167388", "ident": null }, { "date": "2020-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007697", "ident": null }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-958", "ident": null }, { "date": "2020-07-15T03:15:50.687000", "db": "NVD", "id": "CVE-2020-14503", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-834", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54157", "ident": null }, { "date": "2020-07-23T00:00:00", "db": "VULHUB", "id": "VHN-167388", "ident": null }, { "date": "2020-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007697", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-958", "ident": null }, { "date": "2024-11-21T05:03:24.720000", "db": "NVD", "id": "CVE-2020-14503", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-958" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView Input verification vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007697" } ], "trust": 0.8 }, "type": { "_id": null, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-958" } ], "trust": 0.6 } }
var-202007-0395
Vulnerability from variot
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities caused by the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveActiveTrapCount method of the TrapTable class. When parsing the search_hostname HTTP parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Advantech iView is a device management application provided by Advantech. The record below aggregates multiple ZDI advisories under CVE-2020-14497, so the method and parameter named above likely describe only one of the affected code paths; it also cites ICS-CERT advisory ICSA-20-196-01 and notes that Advantech has issued an update to correct this vulnerability.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": null, "trust": 11.2, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" } ], "trust": 11.2 }, "cve": "CVE-2020-14497", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, 
"confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14497", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-42953", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167381", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14497", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 6.3, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14497", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.9, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": 
"nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14497", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-14497", "trust": 6.3, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2020-14497", "trust": 4.9, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-14497", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-42953", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-167381", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the retrieveActiveTrapCount method of the TrapTable class. When parsing the search_hostname HTTP parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Advantech iView is a device management application provided by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2020-14497" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" } ], "trust": 11.61 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14497", "trust": 12.9 }, { "db": "ZDI", "id": "ZDI-20-860", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-848", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-869", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-862", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-843", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-868", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-828", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-836", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-844", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-846", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-856", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-865", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-849", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-837", "trust": 1.8 }, { "db": "ZDI", "id": 
"ZDI-20-827", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-850", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-830", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-864", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-847", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-863", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-855", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-866", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-842", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-857", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-854", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-838", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-832", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-835", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-845", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-839", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-858", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-861", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-833", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-852", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-851", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-853", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 1.1 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10700", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10631", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10716", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10703", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10626", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10707", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10635", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10656", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10627", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10629", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10672", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10717", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10659", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10657", "trust": 0.7 }, { "db": "ZDI_CAN", "id": 
"ZDI-CAN-10634", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10660", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-42953", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-968", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-167381", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "id": "VAR-202007-0395", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-42953" } ] }, "last_update_date": "2024-11-29T22:41:08.364000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 11.2, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView SQL injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/227467" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": 
"ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "references": { "_id": null, "data": [ { "trust": 11.2, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-827/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-828/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-830/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-832/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-833/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-835/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-836/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-837/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-838/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-839/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-842/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-843/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-844/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-845/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-846/" }, { "trust": 1.1, 
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-847/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-848/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-849/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-850/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-851/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-852/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-853/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-854/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-855/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-856/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-857/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-858/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-860/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-861/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-862/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-863/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-864/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-865/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-866/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-868/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-869/" }, { "trust": 1.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14497" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", 
"id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-860", "ident": null }, { "db": "ZDI", "id": "ZDI-20-848", "ident": null }, { "db": "ZDI", "id": "ZDI-20-869", "ident": null }, { "db": "ZDI", "id": "ZDI-20-862", "ident": null }, { "db": "ZDI", "id": "ZDI-20-843", "ident": null }, { "db": "ZDI", "id": "ZDI-20-868", "ident": null }, { "db": "ZDI", "id": "ZDI-20-828", "ident": null }, { "db": "ZDI", "id": "ZDI-20-836", "ident": null }, { "db": "ZDI", "id": "ZDI-20-844", "ident": null }, { "db": "ZDI", "id": "ZDI-20-846", "ident": null }, { "db": "ZDI", "id": "ZDI-20-856", "ident": null }, { "db": "ZDI", "id": "ZDI-20-865", "ident": null }, { "db": "ZDI", "id": "ZDI-20-849", "ident": null }, { "db": "ZDI", "id": "ZDI-20-837", "ident": null }, { "db": "ZDI", "id": "ZDI-20-827", "ident": null }, { "db": "ZDI", "id": "ZDI-20-850", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-42953", "ident": null }, { "db": "VULHUB", "id": "VHN-167381", "ident": null }, { "db": "NVD", "id": "CVE-2020-14497", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-860", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-848", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-869", "ident": 
null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-862", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-843", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-868", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-828", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-836", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-844", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-846", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-856", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-865", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-849", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-837", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-827", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-850", "ident": null }, { "date": "2020-07-29T00:00:00", "db": "CNVD", "id": "CNVD-2020-42953", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167381", "ident": null }, { "date": "2020-07-15T02:15:12.547000", "db": "NVD", "id": "CVE-2020-14497", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-860", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-848", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-869", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-862", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-843", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-868", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-828", "ident": null }, { "date": 
"2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-836", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-844", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-846", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-856", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-865", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-849", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-837", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-827", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-850", "ident": null }, { "date": "2020-07-29T00:00:00", "db": "CNVD", "id": "CNVD-2020-42953", "ident": null }, { "date": "2020-07-21T00:00:00", "db": "VULHUB", "id": "VHN-167381", "ident": null }, { "date": "2024-11-21T05:03:23.890000", "db": "NVD", "id": "CVE-2020-14497", "ident": null } ] }, "title": { "_id": null, "data": "Advantech iView User checkForDuplicateUserName SQL Injection Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-860" } ], "trust": 0.7 } }
var-202007-0401
Vulnerability from variot
Advantech iView, versions 5.6 and prior, is affected by multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView is vulnerable to path traversal. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech iView is a device management application provided by Advantech.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": null, "trust": 2.8, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008395" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" } ], "trust": 2.8 }, "cve": "CVE-2020-14507", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14507", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": 
"JVNDB-2020-008395", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-54158", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167392", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14507", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14507", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14507", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008395", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-14507", "trust": 1.4, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-14507", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2020-14507", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-008395", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-54158", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-965", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167392", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, is vulnerable to 
multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView Is vulnerable to past traversal.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech iView is a device management application provided by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2020-14507" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" } ], "trust": 4.77 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14507", "trust": 5.9 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-829", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-840", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-841", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-847", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008395", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10636", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10622", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10623", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10630", "trust": 0.7 }, { "db": "CNVD", "id": 
"CNVD-2020-54158", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-965", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47232", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167392", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "id": "VAR-202007-0401", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-54158" } ] }, "last_update_date": "2024-11-23T21:35:35.364000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Patch for Advantech iView path traversal vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/235642" }, { "title": "Advantech iView Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124491" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 
1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 2.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-841/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14507" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-829/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-840/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-847/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14507" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47232" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-829", "ident": null }, { "db": "ZDI", "id": "ZDI-20-840", "ident": null }, { "db": "ZDI", "id": "ZDI-20-841", "ident": null }, { "db": "ZDI", "id": "ZDI-20-847", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-54158", "ident": null }, { "db": "VULHUB", "id": "VHN-167392", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-008395", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202007-965", "ident": null }, { "db": "NVD", "id": "CVE-2020-14507", "ident": null } ] }, 
"sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-829", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-840", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-841", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-847", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54158", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167392", "ident": null }, { "date": "2020-09-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008395", "ident": null }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-965", "ident": null }, { "date": "2020-07-15T02:15:12.703000", "db": "NVD", "id": "CVE-2020-14507", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-829", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-840", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-841", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-847", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54158", "ident": null }, { "date": "2020-07-21T00:00:00", "db": "VULHUB", "id": "VHN-167392", "ident": null }, { "date": "2020-09-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008395", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-965", "ident": null }, { "date": "2024-11-21T05:03:25.207000", "db": "NVD", "id": "CVE-2020-14507", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-965" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView path traversal vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "CNNVD", "id": "CNNVD-202007-965" } ], "trust": 1.2 }, 
"type": { "_id": null, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-965" } ], "trust": 0.6 } }
var-202007-0396
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user account credentials. Advantech iView contains an inadequate protection of credentials vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0396", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": 
"lte", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.6" }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-867" } ], "trust": 0.7 }, "cve": "CVE-2020-14499", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14499", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167383", "impactScore": 2.9, "integrityImpact": 
"NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14499", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-14499", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14499", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14499", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-14499", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-14499", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-951", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-167383", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" }, { 
"db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. Advantech iView Exists in an inadequate protection of credentials.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class", "sources": [ { "db": "NVD", "id": "CVE-2020-14499" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14499", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-867", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008132", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10701", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-951", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47215", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-57118", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-167383", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": 
"VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "id": "VAR-202007-0396", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-167383" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:35:34.633000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Advantech iView Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124486" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-284", "trust": 1.0 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-522", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-867/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14499" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01\u00a5" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47215" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-867" }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167383" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-951" }, { "date": "2020-07-15T03:15:50.513000", "db": "NVD", "id": "CVE-2020-14499" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", 
"db": "ZDI", "id": "ZDI-20-867" }, { "date": "2021-09-23T00:00:00", "db": "VULHUB", "id": "VHN-167383" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "date": "2021-09-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-951" }, { "date": "2024-11-21T05:03:24.210000", "db": "NVD", "id": "CVE-2020-14499" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-951" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0iView\u00a0 Vulnerability regarding inadequate protection of credentials in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008132" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-951" } ], "trust": 0.6 } }
var-202206-1670
Vulnerability from variot
This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the UserName element of the set_useraccount action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. [Note: the text that follows concerns Chromium, not Advantech iView; it appears to come from a Debian security advisory that the aggregator attached to this entry under the same CVE identifier, so check the affected product against the listed sources before acting on it.] Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.53-1~deb11u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: security-tracker.debian.org/tracker/chromium
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1670", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ], "trust": 0.7 }, "cve": "CVE-2022-2156", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2156", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2156", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the UserName element of the set_useraccount action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. 
Multiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure. \nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.53-1~deb11u1. \nWe recommend that you upgrade your chromium packages. \nFor the detailed security status of chromium please refer to\nits security tracker page at:\nsecurity-tracker.debian.org/tracker/chromium", "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" } ], "trust": 0.72 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2156", "trust": 1.4 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16773", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-937", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.3056", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3066", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2145", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-2156", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, { "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "id": "VAR-202206-1670", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.40103188 }, "last_update_date": "2022-07-05T22:20:22.607000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this 
vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Google Chrome Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197132" }, { "title": "Debian Security Advisories: DSA-5168-1 chromium -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1df55fca5bc84b333e3feb3ff9ec9e70" }, { "title": "Google Chrome: Stable Channel Update for Desktop", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=chrome_releases\u0026qid=f4139027edd7716be086c3c70b2fd7d6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, { "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/chrome-multiple-vulnerabilities-38642" }, { "trust": 0.6, "url": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-2156" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3066" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3056" }, { "trust": 0.1, "url": "https://www.debian.org/security/2022/dsa-5168" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, { "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, 
{ "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-06-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-06-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView set_useraccount UserName SQL Injection Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2145" } ], "trust": 0.6 } }
var-202206-2045
Vulnerability from variot
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains an SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the ipaddress element of the updatePROMFile action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2045", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 4.9, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-937" } ], "trust": 2.8 }, "cve": "CVE-2022-2136", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", 
"impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2136", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2136", "trust": 2.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2022-2136", "trust": 2.1, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2136", "trust": 1.0, "value": "MEDIUM" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2136", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2136", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202206-2714", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. 
When parsing the ipaddress element of the updatePROMFile action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" } ], "trust": 6.21 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2136", "trust": 8.3 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013716", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16772", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-925", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16771", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-924", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16775", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-923", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16752", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-922", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16744", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-921", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16748", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-920", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16773", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-937", "trust": 0.7 }, { "db": "CS-HELP", "id": 
"SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2714", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426270", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2136", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "id": "VAR-202206-2045", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426270" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.338000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 4.9, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", 
"trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426270" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 7.5, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2136" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2136/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": 
"JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-925" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-924" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-923" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-922" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-921" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-920" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426270" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "date": "2022-07-22T15:15:08.180000", "db": "NVD", "id": "CVE-2022-2136" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-925" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-924" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-923" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-922" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-921" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-920" }, { "date": "2022-07-14T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426270" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "date": "2022-07-28T20:10:32.447000", "db": "NVD", "id": "CVE-2022-2136" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2714" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013716" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2714" } ], "trust": 0.6 } }
var-202206-2047
Vulnerability from variot
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Advantech Co., Ltd. iView contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2047", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-936" } ], "trust": 0.7 }, "cve": "CVE-2022-2143", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2143", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2143", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2143", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2143", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2143", "trust": 1.0, "value": "CRITICAL" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2143", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2022-2143", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202206-2735", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Advantech Co., Ltd. 
iView Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" } ], "trust": 3.06 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-426277", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-426277" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2143", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "168108", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013711", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16685", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-936", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16528", "trust": 0.7 }, { "db": "ZDI", 
"id": "ZDI-22-935", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2735", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426277", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2143", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "id": "VAR-202206-2047", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426277" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.295000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=197831" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.1 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD 
evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426277" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.0, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 3.1, "url": "http://packetstormsecurity.com/files/168108/advantech-iview-networkservlet-command-injection.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2143" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2143/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", 
"id": "ZDI-22-936" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-935" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426277" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "date": "2022-07-22T15:15:08.463000", "db": "NVD", "id": "CVE-2022-2143" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-936" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-935" }, { "date": "2022-10-26T00:00:00", "db": "VULHUB", "id": "VHN-426277" }, { "date": "2023-09-11T08:17:00", "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "date": "2023-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "date": "2023-07-24T13:08:23.047000", "db": "NVD", "id": "CVE-2022-2143" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2735" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013711" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2735" } ], "trust": 0.6 } }
var-202206-2049
Vulnerability from variot
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Advantech Co., Ltd. iView contains a vulnerability caused by a lack of authentication for critical features; service operation may be interrupted (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to the clearDatabase functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2049", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" } ], "trust": 1.4 }, "cve": "CVE-2022-2138", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-2138", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-2138", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-2138", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-2138", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2138", "trust": 2.1, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2138", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2138", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2138", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202206-2724", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", 
"id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Advantech Co., Ltd. iView There is a vulnerability in the lack of authentication for critical features.Service operation interruption (DoS) It may be in a state. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to the clearDatabase functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. 
Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2138", "trust": 5.5 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013714", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16774", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-930", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16776", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-929", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16688", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-928", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2724", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426272", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2138", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "id": "VAR-202206-2049", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": 
"VULHUB", "id": "VHN-426272" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.150000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201807" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.1 }, { "problemtype": "Lack of authentication for critical features (CWE-306) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426272" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2138" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2138/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-930" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-929" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-928" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426272" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "date": "2022-07-22T15:15:08.293000", "db": "NVD", "id": "CVE-2022-2138" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-930" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-929" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-928" }, { "date": "2022-07-28T00:00:00", "db": 
"VULHUB", "id": "VHN-426272" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "date": "2022-07-28T20:12:50.197000", "db": "NVD", "id": "CVE-2022-2138" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2724" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Vulnerability regarding lack of authentication for critical features in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013714" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2724" } ], "trust": 0.6 } }
var-202102-0522
Vulnerability from variot
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Advantech iView contains a path traversal vulnerability; information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommandServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView for which no further information is available at present; watch CNNVD or manufacturer announcements for updates.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-21-189" } ], "trust": 0.7 }, "cve": "CVE-2021-22656", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22656", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-13241", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, 
"id": "VHN-381093", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22656", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22656", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22656", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-22656", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-13241", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-815", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": 
"VHN-381093", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "description": { "_id": null, "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Advantech iView Contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the CommandServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22656" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22656", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-189", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003418", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12096", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-13241", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-815", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381093", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "id": "VAR-202102-0522", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-13241" } ] }, "last_update_date": "2024-11-23T21:58:48.794000Z", "patch": { "_id": null, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, 
{ "title": "Patch for Advantech iView path traversal vulnerability (CNVD-2021-13241)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249606" }, { "title": "Advantech Iview Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142092" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "Path traversal (CWE-22) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-189/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22656" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-189", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-13241", "ident": null }, { "db": "VULHUB", "id": "VHN-381093", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-003418", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-815", "ident": null }, { "db": "NVD", "id": "CVE-2021-22656", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": 
"ZDI-21-189", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13241", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381093", "ident": null }, { "date": "2021-10-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003418", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-815", "ident": null }, { "date": "2021-02-11T18:15:17.190000", "db": "NVD", "id": "CVE-2021-22656", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-189", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13241", "ident": null }, { "date": "2021-02-12T00:00:00", "db": "VULHUB", "id": "VHN-381093", "ident": null }, { "date": "2021-10-26T08:49:00", "db": "JVNDB", "id": "JVNDB-2021-003418", "ident": null }, { "date": "2021-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-815", "ident": null }, { "date": "2024-11-21T05:50:25", "db": "NVD", "id": "CVE-2021-22656", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-815" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech\u00a0iView\u00a0 Traversal Vulnerability in Japan", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003418" } ], "trust": 0.8 }, "type": { "_id": null, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-815" } ], "trust": 0.6 } }
var-202102-0634
Vulnerability from variot
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView contains a missing authentication for critical function vulnerability (CWE-306). Information may be obtained or tampered with, and service may be disrupted (DoS). Advantech iView is an equipment management application for the energy, water and wastewater industries.
Advantech iView versions prior to 5.7.03.6112 lack authentication for a key feature. There is a security vulnerability in Advantech iView; no further details about it are available at present. Watch CNNVD or manufacturer announcements for updates.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0634", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" }, { "model": 
"iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spencer McIntyre", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-813" } ], "trust": 0.6 }, "cve": "CVE-2021-22652", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22652", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-11077", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 
0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-381089", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22652", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22652", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22652", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2021-22652", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2021-11077", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-813", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-381089", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-22652", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" 
}, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech iView is an equipment management application for the energy, water and wastewater industries. \n\r\n\r\nAdvantech iView versions prior to 5.7.03.6112 have a key feature lack of certification vulnerability. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-381089", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381089" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22652", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.2 }, { "db": "PACKETSTORM", "id": "161937", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003754", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-11077", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-813", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381089", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-22652", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "id": "VAR-202102-0634", "iot": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" } ] }, "last_update_date": "2024-11-23T21:58:48.685000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "top page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Patch for Key features of Advantech iView lack certification vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/248551" }, { "title": "Advantech Iview Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142090" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.1 }, { "problemtype": "Lack of authentication for important features (CWE-306) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381089" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "NVD", "id": "CVE-2021-22652" } ] 
}, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 3.3, "url": "http://packetstormsecurity.com/files/161937/advantech-iview-unauthenticated-remote-code-execution.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22652" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/306.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2021-11077" }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381089" }, { "date": "2021-02-11T00:00:00", "db": "VULMON", "id": "CVE-2021-22652" }, { "date": "2021-11-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-813" }, { 
"date": "2021-02-11T18:15:17.003000", "db": "NVD", "id": "CVE-2021-22652" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2021-11077" }, { "date": "2021-03-26T00:00:00", "db": "VULHUB", "id": "VHN-381089" }, { "date": "2021-03-26T00:00:00", "db": "VULMON", "id": "CVE-2021-22652" }, { "date": "2021-11-04T06:05:00", "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "date": "2021-03-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-813" }, { "date": "2024-11-21T05:50:23.640000", "db": "NVD", "id": "CVE-2021-22652" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-813" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0iView\u00a0 Vulnerability regarding lack of authentication for critical features in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003754" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-813" } ], "trust": 0.6 } }
var-202206-2046
Vulnerability from variot
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability; information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. The statements above are aggregated from several source databases and describe the impact differently (information disclosure on its own, code execution only when chained with other vulnerabilities); the record's CVSS v3 entries differ accordingly (5.9 and 8.1).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2046", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" }, { "model": "iview", "scope": null, "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-934" } ], "trust": 0.7 }, "cve": "CVE-2022-2142", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-2142", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": 
"ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-2142", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2142", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-2142", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-2142", "trust": 1.0, "value": "MEDIUM" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2142", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2142", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2022-2142", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202206-2731", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "description": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2142", "trust": 4.1 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013712", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16607", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-934", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2731", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426276", "trust": 0.1 }, { "db": "VULMON", "id": 
"CVE-2022-2142", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "id": "VAR-202206-2046", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426276" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.115000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201808" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426276" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ 
{ "trust": 3.3, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2142" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2142/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-934" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426276" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "date": "2022-07-22T15:15:08.407000", "db": "NVD", "id": "CVE-2022-2142" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-934" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426276" 
}, { "date": "2023-09-11T08:17:00", "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "date": "2022-07-28T20:13:12.980000", "db": "NVD", "id": "CVE-2022-2142" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2731" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013712" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2731" } ], "trust": 0.6 } }
var-202307-2113
Vulnerability from variot
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-2113", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.4.6752" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": 
"@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.7.4.6752", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "cve": "CVE-2023-3983", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2023-3983", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-3983", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. 
An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.", "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "TENABLE", "id": "TRA-2023-24", "trust": 1.0 }, { "db": "NVD", "id": "CVE-2023-3983", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "id": "VAR-202307-2113", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.40103188 }, "last_update_date": "2023-08-12T03:18:49.784000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://www.tenable.com/security/research/tra-2023-24" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2023-07-31T19:15:00", "db": "NVD", "id": "CVE-2023-3983" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-04T17:03:00", "db": "NVD", "id": "CVE-2023-3983" } ] } }
var-202102-0521
Vulnerability from variot
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Advantech iView has a SQL injection vulnerability; information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView; no further information about this vulnerability is available at present, so please follow CNNVD or manufacturer announcements.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-190" } ], "trust": 0.7 }, "cve": "CVE-2021-22654", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22654", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-13243", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 10.0, "id": "VHN-381091", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22654", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22654", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22654", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-22654", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-22654", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22654", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-13243", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-814", "trust": 0.6, "value": "HIGH" }, { 
"author": "VULHUB", "id": "VHN-381091", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "description": { "_id": null, "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Advantech iView Has SQL An injection vulnerability exists.Information may be obtained. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22654" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22654", "trust": 4.5 }, { "db": "ZDI", "id": "ZDI-21-190", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-188", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003417", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12343", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12095", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-13243", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-814", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381091", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "id": "VAR-202102-0521", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-13243" } ] }, "last_update_date": "2024-11-23T21:58:48.720000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct 
this vulnerability.", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech iView SQL injection vulnerability (CNVD-2021-13243)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249616" }, { "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142091" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "references": { "_id": null, "data": [ { "trust": 5.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-190/" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-188/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22654" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-190", "ident": null }, { "db": "ZDI", "id": "ZDI-21-188", "ident": null }, { 
"db": "CNVD", "id": "CNVD-2021-13243", "ident": null }, { "db": "VULHUB", "id": "VHN-381091", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-003417", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-814", "ident": null }, { "db": "NVD", "id": "CVE-2021-22654", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-190", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-188", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13243", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381091", "ident": null }, { "date": "2021-10-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003417", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-814", "ident": null }, { "date": "2021-02-11T18:15:17.113000", "db": "NVD", "id": "CVE-2021-22654", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-190", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-188", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13243", "ident": null }, { "date": "2021-02-12T00:00:00", "db": "VULHUB", "id": "VHN-381091", "ident": null }, { "date": "2021-10-26T08:49:00", "db": "JVNDB", "id": "JVNDB-2021-003417", "ident": null }, { "date": "2021-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-814", "ident": null }, { "date": "2024-11-21T05:50:24.770000", "db": "NVD", "id": "CVE-2021-22654", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-814" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech\u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003417" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ 
{ "db": "CNNVD", "id": "CNNVD-202102-814" } ], "trust": 0.6 } }
var-202106-1187
Vulnerability from variot
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. The following multiple vulnerabilities exist in iView: * Lack of authentication for important features (CWE-306) - CVE-2021-32930; * SQL injection (CWE-89) - CVE-2021-32932. The expected impact depends on each vulnerability, but it may be as follows: * A remote third party could change the system configuration or execute arbitrary code - CVE-2021-32930; * Information in the system could be stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNextTrapPage action of NetworkServlet, which listens on TCP port 8080 by default. When parsing the search_description element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of the service account. Pillow is a Python-based image processing library. [This sentence does not describe iView; it appears to have been carried over from an unrelated aggregated entry.] There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1187", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 5.6, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.03.6182" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "lt", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6182 earlier s" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Selim Enes Karaduman (@Enesdex)", "sources": [ { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" } ], "trust": 4.2 }, "cve": "CVE-2021-32932", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 
5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-32932", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-392918", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32932", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 5.6, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32932", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "High", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001742", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", 
"version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32932", "trust": 5.6, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32932", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001742", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-250", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392918", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). Advantech Provided by iView Is SNMP Base device management software. iView The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-32930 \u2025 * SQL injection (CWE-89) - CVE-2021-32932The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party could change the system configuration or execute arbitrary code. - CVE-2021-32930 \u2025 * Information in the system is stolen by a remote third party - CVE-2021-32932. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the getNextTrapPage action of NetworkServlet, which listens on TCP port 8080 by default. When parsing the search_description element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of the service account. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-32932" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392918" } ], "trust": 7.29 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-32932", "trust": 8.1 }, { "db": "ICS CERT", "id": "ICSA-21-154-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-21-656", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU92160646", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001742", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13141", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13137", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-655", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11846", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-654", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11838", "trust": 0.7 }, { "db": "ZDI", "id": 
"ZDI-21-653", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11837", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-652", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11836", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-651", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11834", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-650", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11833", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-649", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202106-250", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060407", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1970", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392918", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "id": "VAR-202106-1187", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392918" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:13:32.358000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 5.6, 
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "title": "Support\u00a0\u0026\u00a0Download", "trust": 0.8, "url": "https://www.advantech.com/support/details/firmware?id=1-HIPU-183" }, { "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152916" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202106-250" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "Lack of authentication for important features (CWE-306) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": "SQL injection (CWE-89) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 8.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu92160646" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060407" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-656/" }, { "trust": 
0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1970" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-656" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-655" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-654" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-653" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-652" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-651" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-650" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-649" }, { "date": "2021-06-11T00:00:00", "db": "VULHUB", "id": 
"VHN-392918" }, { "date": "2021-06-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-250" }, { "date": "2021-06-11T17:15:11.057000", "db": "NVD", "id": "CVE-2021-32932" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-656" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-655" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-654" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-653" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-652" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-651" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-650" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-649" }, { "date": "2021-06-21T00:00:00", "db": "VULHUB", "id": "VHN-392918" }, { "date": "2021-06-07T03:01:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-250" }, { "date": "2021-06-21T22:37:53.433000", "db": "NVD", "id": "CVE-2021-32932" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0 Made \u00a0iView\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001742" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], 
"trust": 0.6 } }
var-202106-1186
Vulnerability from variot
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. The following multiple vulnerabilities exist in iView. * Lack of authentication for important features (CWE-306) - CVE-2021-32930 ‥ * SQL injection (CWE-89) - CVE-2021-32932 The expected impact depends on each vulnerability, but affected systems may be impacted as follows. - CVE-2021-32930 ‥ * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There is a security vulnerability in the iView 5.7.03.6182 version. The vulnerability is due to the lack of authentication in the program.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1186", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.03.6182" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", 
"scope": "lt", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6182 earlier s" }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Selim Enes Karaduman (@Enesdex)", "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "CNNVD", "id": "CNNVD-202106-259" } ], "trust": 1.3 }, "cve": "CVE-2021-32930", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-32930", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, 
"confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-392916", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32930", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2021-001742", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32930", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-32930", "trust": 1.0, "value": "CRITICAL" }, { "author": "IPA", "id": "JVNDB-2021-001742", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-32930", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": 
"CNNVD-202106-259", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-392916", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). Advantech Provided by iView Is SNMP Base device management software. iView The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-32930 \u2025 * SQL injection (CWE-89) - CVE-2021-32932The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-32930 \u2025 * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability.The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service acccount. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There is a security vulnerability in the iView 5.7.03.6182 version. 
The vulnerability is due to the lack of authentication in the program", "sources": [ { "db": "NVD", "id": "CVE-2021-32930" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392916" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-32930", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-154-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-21-648", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU92160646", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001742", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11832", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202106-259", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060407", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1970", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392916", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "id": "VAR-202106-1186", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392916" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:12:02.058000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Support\u00a0\u0026\u00a0Download", "trust": 0.8, "url": "https://www.advantech.com/support/details/firmware?id=1-HIPU-183" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.1 }, { "problemtype": "Lack of authentication for important features (CWE-306) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": "SQL injection (CWE-89) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu92160646" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060407" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1970" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-648/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, 
{ "db": "NVD", "id": "CVE-2021-32930" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-648" }, { "date": "2021-06-11T00:00:00", "db": "VULHUB", "id": "VHN-392916" }, { "date": "2021-06-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-259" }, { "date": "2021-06-11T17:15:10.963000", "db": "NVD", "id": "CVE-2021-32930" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-648" }, { "date": "2021-06-23T00:00:00", "db": "VULHUB", "id": "VHN-392916" }, { "date": "2021-06-07T03:01:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-259" }, { "date": "2021-06-23T16:07:34.457000", "db": "NVD", "id": "CVE-2021-32930" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0 Made \u00a0iView\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001742" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202206-2050
Vulnerability from variot
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. There is an SQL injection vulnerability in Advantech Co., Ltd. iView. Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the CREATE_DATE element of the removeSearchDevicesFromTask action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2050", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 11.2, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" }, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" } ], "trust": 9.8 }, "cve": "CVE-2022-2135", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, 
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2135", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 8.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2135", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2135", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", 
"availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2135", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2135", "trust": 8.4, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2022-2135", "trust": 2.8, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2135", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2135", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2135", "trust": 0.8, "value": "High" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the CREATE_DATE element of the removeSearchDevicesFromTask action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise", "sources": [ { "db": "NVD", "id": "CVE-2022-2135" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "VULHUB", "id": "VHN-426269" } ], "trust": 11.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2135", "trust": 13.9 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 1.9 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013717", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16750", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-919", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16529", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-918", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16535", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-917", "trust": 
0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16561", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-916", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16585", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-915", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16562", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-914", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16659", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-910", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16747", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-908", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16583", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-905", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16592", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-904", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16693", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-898", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16649", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-894", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16563", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-888", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16645", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-887", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16658", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-884", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16647", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-882", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-426269", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": 
"ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "id": "VAR-202206-2050", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426269" } ], "trust": 0.01 }, "last_update_date": "2024-11-25T23:05:13.067000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 11.2, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", 
"id": "CVE-2022-2135" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 13.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2135" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", 
"id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-919" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-918" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-917" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-916" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-915" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-914" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-910" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-908" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-905" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-904" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-898" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-894" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-888" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-887" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-884" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-882" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426269" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "date": "2022-07-22T15:15:08.117000", "db": "NVD", "id": "CVE-2022-2135" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-919" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-918" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-917" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-916" }, { "date": "2022-06-30T00:00:00", 
"db": "ZDI", "id": "ZDI-22-915" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-914" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-910" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-908" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-905" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-904" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-898" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-894" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-888" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-887" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-884" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-882" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426269" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "date": "2022-07-28T20:10:10.260000", "db": "NVD", "id": "CVE-2022-2135" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013717" } ], "trust": 0.8 } }
var-202007-0398
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the contents of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. Advantech iView contains a vulnerability caused by a lack of authentication for critical functions. As a result, information may be disclosed or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech. Advantech iView is software based on the Simple Network Management Protocol (SNMP), from China Advantech Company, used to manage B+B SmartWorx equipment.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008661" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-859" } ], "trust": 0.7 }, "cve": "CVE-2020-14501", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14501", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008661", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, 
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-43173", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167386", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14501", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008661", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": 
"CVE-2020-14501", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14501", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-008661", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-14501", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-43173", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-955", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167386", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "CNNVD", "id": "CNNVD-202007-955" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. Advantech iView There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. 
Advantech iView is a device management application provided by Advantech. Advantech Iview is a software based on Simple Network Protocol (SNMP) of China Advantech Company to manage B+B SmartWorx equipment", "sources": [ { "db": "NVD", "id": "CVE-2020-14501" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14501", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-859", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008661", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10699", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-43173", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47223", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-955", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167386", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "CNNVD", "id": "CNNVD-202007-955" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "id": "VAR-202007-0398", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-43173" } ] }, "last_update_date": "2024-11-23T21:35:34.811000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView access control error vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/227261" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-306", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14501" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-859/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14501" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47223" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "CNNVD", "id": "CNNVD-202007-955" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-859", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-43173", "ident": null }, { "db": "VULHUB", "id": "VHN-167386", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-008661", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202007-955", "ident": null }, { "db": "NVD", "id": "CVE-2020-14501", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", 
"id": "ZDI-20-859", "ident": null }, { "date": "2020-07-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-43173", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167386", "ident": null }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008661", "ident": null }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-955", "ident": null }, { "date": "2020-07-15T03:15:50.607000", "db": "NVD", "id": "CVE-2020-14501", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-859", "ident": null }, { "date": "2020-07-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-43173", "ident": null }, { "date": "2020-07-22T00:00:00", "db": "VULHUB", "id": "VHN-167386", "ident": null }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008661", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-955", "ident": null }, { "date": "2024-11-21T05:03:24.480000", "db": "NVD", "id": "CVE-2020-14501", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-955" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView access control error vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "CNNVD", "id": "CNNVD-202007-955" } ], "trust": 1.2 }, "type": { "_id": null, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-955" } ], "trust": 0.6 } }
var-202206-2048
Vulnerability from variot
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Advantech Co., Ltd. iView contains a path traversal vulnerability. As a result, information may be disclosed or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the filename element of the exportDeviceList action, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2048", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" } ], "trust": 1.4 }, "cve": "CVE-2022-2139", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2139", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2139", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2139", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2139", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2139", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2139", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2139", "trust": 1.0, 
"value": "CRITICAL" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2139", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-2139", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2022-2139", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202206-2728", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Advantech Co., Ltd. iView Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the filename element of the exportDeviceList action, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. 
Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2139", "trust": 5.5 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013713", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16783", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-933", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16702", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-932", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16701", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-931", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2728", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426273", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2139", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "id": "VAR-202206-2048", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": 
"VULHUB", "id": "VHN-426273" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.031000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201955" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "CWE-23", "trust": 1.0 }, { "problemtype": "Path traversal (CWE-22) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426273" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2139" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": 
"https://cxsecurity.com/cveshow/cve-2022-2139/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-933" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-932" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-931" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426273" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "date": "2022-07-22T15:15:08.350000", "db": "NVD", "id": "CVE-2022-2139" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-933" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-932" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-931" }, { "date": "2022-07-29T00:00:00", "db": "VULHUB", 
"id": "VHN-426273" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "date": "2022-08-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "date": "2022-07-29T01:19:10.197000", "db": "NVD", "id": "CVE-2022-2139" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2728" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Past traversal vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013713" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2728" } ], "trust": 0.6 } }
var-202008-0373
Vulnerability from variot
Advantech iView versions 5.7 and prior are affected. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. iView is SNMP-based device management software provided by Advantech. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportTaskMgrReport method of the DeviceTreeTable class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. The vulnerability stems from the failure of Advantech iView to properly filter resources or special elements in file paths. The patch entries in this record point to the vendor's iView Upgrade 5.7.02 and to advisory ICSA-20-238-01.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": null, "trust": 6.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.7" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "upgrade 5.7.02" }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.7" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007819" } ] }, "credits": { "_id": null, "data": "KPC", "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" } ], "trust": 6.3 }, "cve": "CVE-2020-16245", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-16245", 
"impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CNVD-2020-49617", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-169304", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.2, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007819", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 5.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-16245", "trust": 4.9, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2020-16245", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-16245", "trust": 1.0, "value": "CRITICAL" }, { "author": "IPA", "id": "JVNDB-2020-007819", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-49617", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202008-1197", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-169304", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", 
"id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "description": { "_id": null, "data": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. iView Is Advantech Provided by the company SNMP Base device management software. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the exportTaskMgrReport method of the DeviceTreeTable class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
The vulnerability stems from the failure of Advantech iView to properly filter resources or special elements in file paths", "sources": [ { "db": "NVD", "id": "CVE-2020-16245" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" } ], "trust": 7.92 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-16245", "trust": 9.4 }, { "db": "ICS CERT", "id": "ICSA-20-238-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-1084", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1086", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1085", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1088", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1090", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1087", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1089", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1092", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1091", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU93037867", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-007819", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10976", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10989", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10988", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10991", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10993", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10990", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10992", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10995", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10994", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-49617", "trust": 0.7 }, { "db": 
"CNNVD", "id": "CNNVD-202008-1197", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2915", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48440", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-169304", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "id": "VAR-202008-0373", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-49617" } ] }, "last_update_date": "2024-11-23T23:11:18.802000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 6.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "title": "iView Upgrade 5.7.02", "trust": 0.8, "url": "https://www.advantech.tw/support/details/faq?id=1-HIPU-181" }, { "title": "Patch for Advantech iView path traversal vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/232402" }, { "title": "Advantech iView Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126842" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": 
"ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "references": { "_id": null, "data": [ { "trust": 9.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1084/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1085/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1086/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1087/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1088/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1089/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1090/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1091/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1092/" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16245" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16245" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93037867/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2915/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48440" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": 
"ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-1084", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1086", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1085", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1088", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1090", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1087", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1089", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1092", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1091", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-49617", "ident": null }, { "db": "VULHUB", "id": "VHN-169304", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-007819", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202008-1197", "ident": null }, { "db": "NVD", "id": "CVE-2020-16245", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1084", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1086", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1085", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1088", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1090", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1087", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1089", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1092", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1091", "ident": null }, { "date": 
"2020-08-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-49617", "ident": null }, { "date": "2020-08-25T00:00:00", "db": "VULHUB", "id": "VHN-169304", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007819", "ident": null }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1197", "ident": null }, { "date": "2020-08-25T19:15:12.563000", "db": "NVD", "id": "CVE-2020-16245", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1084", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1086", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1085", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1088", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1090", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1087", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1089", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1092", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1091", "ident": null }, { "date": "2020-08-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-49617", "ident": null }, { "date": "2020-08-31T00:00:00", "db": "VULHUB", "id": "VHN-169304", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007819", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1197", "ident": null }, { "date": "2024-11-21T05:07:00.960000", "db": "NVD", "id": "CVE-2020-16245", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1197" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView path traversal vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "CNNVD", "id": 
"CNNVD-202008-1197" } ], "trust": 1.2 }, "type": { "_id": null, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1197" } ], "trust": 0.6 } }
var-202007-0400
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send an HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. Advantech iView contains an injection vulnerability: information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the restoreDatabase method of the NetworkServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech iView is a device management application provided by Advantech. The vulnerability stems from the program's failure to correctly verify the string submitted by the user before making a system call. This record lists the ICS CERT identifier ICSA-20-196-01, while one of its patch links ends in icsa-20-196-33; the two do not match, so the advisory should be looked up by identifier.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0400", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": 
null }, { "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008660" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-831" } ], "trust": 0.7 }, "cve": "CVE-2020-14505", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14505", "impactScore": 
6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008660", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-43172", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167390", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14505", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": 
"NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008660", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14505", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14505", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-008660", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-14505", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-43172", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-961", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167390", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. 
Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. Advantech iView There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the restoreDatabase method of the NetworkServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech iView is a device management application provided by Advantech. The vulnerability stems from the program\u0027s failure to correctly verify the string submitted by the user before making a system call", "sources": [ { "db": "NVD", "id": "CVE-2020-14505" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14505", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-831", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008660", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10645", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-961", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-43172", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47233", "trust": 0.6 }, { "db": 
"AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167390", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "id": "VAR-202007-0400", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-43172" } ] }, "last_update_date": "2024-11-23T21:35:35.414000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView command injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/227259" }, { "title": "Advantech iView Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124489" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": 
"JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-74", "trust": 1.9 }, { "problemtype": "CWE-77", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14505" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-831/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14505" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47233" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { 
"db": "NVD", "id": "CVE-2020-14505" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-831" }, { "date": "2020-07-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-43172" }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167390" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-961" }, { "date": "2020-07-15T02:15:12.627000", "db": "NVD", "id": "CVE-2020-14505" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-831" }, { "date": "2020-07-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-43172" }, { "date": "2020-07-22T00:00:00", "db": "VULHUB", "id": "VHN-167390" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-961" }, { "date": "2024-11-21T05:03:24.963000", "db": "NVD", "id": "CVE-2020-14505" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-961" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView command injection vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "CNNVD", "id": "CNNVD-202007-961" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-961" } ], "trust": 0.6 } }
CVE-2021-22658 (GCVE-0-2021-22658)
Vulnerability from cvelistv5
- CWE-89 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION')
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-21-191/ | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech iView | Version: iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:06.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-11T17:06:06", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22658", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which 
may allow an attacker to escalate privileges to \u0027Administrator\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22658", "datePublished": "2021-02-11T16:06:25", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:06.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-14507 (GCVE-0-2020-14507)
Vulnerability from cvelistv5
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL')
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-20-847/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-20-841/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-20-829/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-20-840/ | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech iView | Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-20T19:06:14", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14507", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14507", "datePublished": "2020-07-15T01:48:12", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2136 (GCVE-0-2022-2136)
Vulnerability from cvelistv5
- CWE-89 - SQL Injection
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2136", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:28:14.913188Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:51:20.418Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:55.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2136", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2136", "datePublished": "2022-07-22T14:58:55.154Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2025-04-16T17:51:20.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53475 (GCVE-0-2025-53475)
Vulnerability from cvelistv5
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53475", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:38:26.738460Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:39:39.168Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection and remote code execution through \nNetworkServlet.getNextTrapPage(). This issue requires an authenticated \nattacker with at least user-level privileges. Certain parameters in this\n function are not properly sanitized, allowing an attacker to perform \nSQL injection and potentially execute code in the context of the \u0027nt \nauthority\\local service\u0027 account." } ], "value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection and remote code execution through \nNetworkServlet.getNextTrapPage(). This issue requires an authenticated \nattacker with at least user-level privileges. 
Certain parameters in this\n function are not properly sanitized, allowing an attacker to perform \nSQL injection and potentially execute code in the context of the \u0027nt \nauthority\\local service\u0027 account." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:23:38.421Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech 
recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView SQL Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-53475", "datePublished": "2025-07-10T23:23:38.421Z", "dateReserved": "2025-07-02T15:12:58.621Z", "dateUpdated": "2025-07-11T13:39:39.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2137 (GCVE-0-2022-2137)
Vulnerability from cvelistv5
- CWE-89 - SQL Injection
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2137", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:50:59.888726Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:14:29.858Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:57:57.000Z", "orgId": 
"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2137", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": 
"https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2137", "datePublished": "2022-07-22T14:57:57.232Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2025-04-16T16:14:29.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-52459 (GCVE-0-2025-52459)
Vulnerability from cvelistv5
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-52459", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:29:50.282666Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:29:56.285Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in NetworkServlet.backupDatabase(). This issue requires an \nauthenticated attacker with at least user-level privileges. Certain \nparameters can be used directly in a command without proper \nsanitization, allowing arbitrary arguments to be injected. This can \nresult in information disclosure, including sensitive database \ncredentials." } ], "value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in NetworkServlet.backupDatabase(). This issue requires an \nauthenticated attacker with at least user-level privileges. Certain \nparameters can be used directly in a command without proper \nsanitization, allowing arbitrary arguments to be injected. This can \nresult in information disclosure, including sensitive database \ncredentials." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-88", "description": "CWE-88", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:28:08.679Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], 
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView Argument Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-52459", "datePublished": "2025-07-10T23:28:08.679Z", "dateReserved": "2025-07-02T15:12:58.643Z", "dateUpdated": "2025-07-11T13:29:56.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22656 (GCVE-0-2021-22656)
Vulnerability from cvelistv5
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL')
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-21-189/ | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech iView | Version: iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:05.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-11T17:06:06", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to 
read sensitive files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22656", "datePublished": "2021-02-11T16:06:31", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:05.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-14505 (GCVE-0-2020-14505)
Vulnerability from cvelistv5
- CWE-77 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION')
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-20-831/ | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech iView | Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:33", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14505", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14505", "datePublished": "2020-07-15T01:59:33", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53397 (GCVE-0-2025-53397)
Vulnerability from cvelistv5
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53397", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:58:14.600623Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:58:21.416Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy exploiting this flaw, an attacker could execute unauthorized scripts \nin the user\u0027s browser, potentially leading to information disclosure or \nother malicious activities." } ], "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy exploiting this flaw, an attacker could execute unauthorized scripts \nin the user\u0027s browser, potentially leading to information disclosure or \nother malicious activities." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:13:27.593Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], 
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView Cross-site Scripting", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-53397", "datePublished": "2025-07-10T23:13:27.593Z", "dateReserved": "2025-07-02T15:12:58.579Z", "dateUpdated": "2025-07-11T13:58:21.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46704 (GCVE-0-2025-46704)
Vulnerability from cvelistv5
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46704", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:38:39.368395Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:40:07.067Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView in \nNetworkServlet.processImportRequest() that could allow for a directory \ntraversal attack. This issue requires an authenticated attacker with at \nleast user-level privileges. A specific parameter is not properly \nsanitized or normalized, potentially allowing an attacker to determine \nthe existence of arbitrary files on the server." } ], "value": "A vulnerability exists in Advantech iView in \nNetworkServlet.processImportRequest() that could allow for a directory \ntraversal attack. This issue requires an authenticated attacker with at \nleast user-level privileges. A specific parameter is not properly \nsanitized or normalized, potentially allowing an attacker to determine \nthe existence of arbitrary files on the server." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:19:32.390Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], 
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView Path Traversal", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-46704", "datePublished": "2025-07-10T23:19:32.390Z", "dateReserved": "2025-07-02T15:12:58.615Z", "dateUpdated": "2025-07-11T13:40:07.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2138 (GCVE-0-2022-2138)
Vulnerability from cvelistv5
- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2138", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:55:07.476313Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:14:11.150Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:18.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2138", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, 
resulting in a denial-of-service condition." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2138", "datePublished": "2022-07-22T14:58:18.441Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2025-04-16T16:14:11.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-48891 (GCVE-0-2025-48891)
Vulnerability from cvelistv5
7.2 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-48891", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:38:49.578799Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:42:37.695Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection through the CUtils.checkSQLInjection() function. This \nvulnerability can be exploited by an authenticated attacker with at \nleast user-level privileges, potentially leading to information \ndisclosure or a denial-of-service condition." } ], "value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection through the CUtils.checkSQLInjection() function. This \nvulnerability can be exploited by an authenticated attacker with at \nleast user-level privileges, potentially leading to information \ndisclosure or a denial-of-service condition." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.2, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:17:45.815Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": 
"Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView SQL Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-48891", "datePublished": "2025-07-10T23:17:45.815Z", "dateReserved": "2025-07-02T15:12:58.607Z", "dateUpdated": "2025-07-11T13:42:37.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53519 (GCVE-0-2025-53519)
Vulnerability from cvelistv5
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53519", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T17:49:52.229018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-11T17:50:07.862Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating specific parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities." } ], "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating specific parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:14:37.185Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], 
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView Cross-site Scripting", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-53519", "datePublished": "2025-07-10T23:14:37.185Z", "dateReserved": "2025-07-02T15:12:58.594Z", "dateUpdated": "2025-07-11T17:50:07.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2142 (GCVE-0-2022-2142)
Vulnerability from cvelistv5
- CWE-89 - SQL Injection
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2142", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:28:12.240336Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:51:07.409Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:59:30.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2142", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2142", "datePublished": "2022-07-22T14:59:30.208Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2025-04-16T17:51:07.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-14497 (GCVE-0-2020-14497)
Vulnerability from cvelistv5
- CWE-89 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION')
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech iView | Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "tags": [ 
"x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:49", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { 
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/", 
"refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/", "refsource": "MISC", "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14497", "datePublished": "2020-07-15T01:50:54", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-3983 (GCVE-0-2023-3983)
Vulnerability from cvelistv5
- SQL Injection
| Vendor | Product | Version |
|---|---|---|
| n/a | Advantech iView | Version: versions prior to v5.7.4 build 6752 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2023-24" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3983", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T15:32:37.120433Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T15:33:26.154Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions prior to v5.7.4 build 6752" } ] } ], "descriptions": [ { "lang": "en", "value": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://www.tenable.com/security/research/tra-2023-24" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-3983", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-27T00:00:00", "dateUpdated": "2024-10-22T15:33:26.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-41442 (GCVE-0-2025-41442)
Vulnerability from cvelistv5
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-41442", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T17:49:43.275598Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-11T17:50:31.478Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities." } ], "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:15:27.981Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], 
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView Cross-site Scripting", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-41442", "datePublished": "2025-07-10T23:15:27.981Z", "dateReserved": "2025-07-02T15:12:58.600Z", "dateUpdated": "2025-07-11T17:50:31.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2139 (GCVE-0-2022-2139)
Vulnerability from cvelistv5
- CWE-23 - Relative Path Traversal
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2139", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:50:55.192099Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:14:20.749Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:03.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2139", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-23 Relative Path Traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2139", "datePublished": "2022-07-22T14:58:03.033Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2025-04-16T16:14:20.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2143 (GCVE-0-2022-2143)
Vulnerability from cvelistv5
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
URL | Tags |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
Advantech iView | iView | All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2143", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:51:23.088062Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:13:52.871Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T18:06:17.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2143", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "name": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2143", "datePublished": "2022-07-22T14:59:13.360Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2025-04-16T16:13:52.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-14499 (GCVE-0-2020-14499)
Vulnerability from cvelistv5
- CWE-284 - IMPROPER ACCESS CONTROL
URL | Tags |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-867/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "IMPROPER ACCESS CONTROL CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:10", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. 
Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER ACCESS CONTROL CWE-284" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14499", "datePublished": "2020-07-15T02:11:10", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-52577 (GCVE-0-2025-52577)
Vulnerability from cvelistv5
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-52577", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:38:17.239954Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:39:11.777Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView that could allow SQL injection\n and remote code execution through NetworkServlet.archiveTrapRange(). \nThis issue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not properly sanitized, \nallowing an attacker to perform SQL injection and potentially execute \ncode in the context of the \u0027nt authority\\local service\u0027 account." } ], "value": "A vulnerability exists in Advantech iView that could allow SQL injection\n and remote code execution through NetworkServlet.archiveTrapRange(). \nThis issue requires an authenticated attacker with at least user-level \nprivileges. 
Certain input parameters are not properly sanitized, \nallowing an attacker to perform SQL injection and potentially execute \ncode in the context of the \u0027nt authority\\local service\u0027 account." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:24:42.965Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends 
users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView SQL Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-52577", "datePublished": "2025-07-10T23:24:42.965Z", "dateReserved": "2025-07-02T15:12:58.630Z", "dateUpdated": "2025-07-11T13:39:11.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22654 (GCVE-0-2021-22654)
Vulnerability from cvelistv5
- CWE-89 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION')
URL | Tags |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-21-190/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-21-188/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:05.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-11T17:06:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22654", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22654", "datePublished": "2021-02-11T16:06:18", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:05.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16245 (GCVE-0-2020-16245)
Vulnerability from cvelistv5
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL')
URL | Tags |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01 | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1085/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1089/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1092/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1086/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1091/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1087/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1088/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1090/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-1084/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Versions 5.7 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.7 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:06:35", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-16245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.7 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, Versions 5.7 and prior. 
The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/", "refsource": "MISC", "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16245", "datePublished": "2020-08-25T18:03:49", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:54.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-52335 (GCVE-0-2023-52335)
Vulnerability from cvelistv5
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
URL | Tags |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-610/ | x_research-advisory |
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:advantech:iview:5.7.04:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iview", "vendor": "advantech", "versions": [ { "status": "affected", "version": "5.7.04" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-52335", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T15:15:56.906074Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T19:32:34.015Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "iView", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "5.7.04" } ] } ], "dateAssigned": "2024-01-11T14:42:51.906-06:00", "datePublic": "2024-06-12T09:10:09.423-05:00", "descriptions": [ { "lang": "en", "value": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-22T20:05:15.175Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-610", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-610/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183" } ], "source": { "lang": "en", "value": "Anonymous" }, "title": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-52335", "datePublished": "2024-11-22T20:05:15.175Z", "dateReserved": "2024-01-11T20:39:58.816Z", "dateUpdated": "2024-12-05T19:32:34.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32930 (GCVE-0-2021-32930)
Vulnerability from cvelistv5
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION
URL | Tags |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions prior to v5.7.03.6182" } ] } ], "descriptions": [ { "lang": "en", "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T16:25:36", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_value": "versions prior to v5.7.03.6182" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32930", "datePublished": "2021-06-11T16:25:36", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-14501 (GCVE-0-2020-14501)
Vulnerability from cvelistv5
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION
URL | Tags |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-20-859/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:15", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14501", "datePublished": "2020-07-15T02:19:48", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-22652 (GCVE-0-2021-22652)
Vulnerability from cvelistv5
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC | |
http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:06.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-23T18:06:13", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22652", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Access 
to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22652", "datePublished": "2021-02-11T16:06:38", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:06.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32932 (GCVE-0-2021-32932)
Vulnerability from cvelistv5
- CWE-89 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION')
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions prior to v5.7.03.6182" } ] } ], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NUETRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T16:24:18", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32932", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_value": "versions prior to v5.7.03.6182" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NUETRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32932", "datePublished": "2021-06-11T16:24:18", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:55.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3323 (GCVE-0-2022-3323)
Vulnerability from cvelistv5
- SQL Injection
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2022-32 | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: Advantech iView 5.7.04.6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2022-32" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-3323", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-21T15:09:58.643861Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-21T15:10:35.138Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech iView 5.7.04.6469" } ] } ], "descriptions": [ { "lang": "en", "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. 
For example, the attacker can exploit the vulnerability to retrieve the iView admin password." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-27T13:51:02.000Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2022-32" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2022-3323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Advantech iView 5.7.04.6469" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2022-32", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2022-32" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2022-3323", "datePublished": "2022-09-27T13:51:02.000Z", "dateReserved": "2022-09-26T00:00:00.000Z", "dateUpdated": "2025-05-21T15:10:35.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53515 (GCVE-0-2025-53515)
Vulnerability from cvelistv5
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53515", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:57:29.867588Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:57:41.891Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView that allows for SQL injection \nand remote code execution through NetworkServlet.archiveTrap(). This \nissue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not sanitized, allowing an \nattacker to perform SQL injection and potentially execute code in the \ncontext of the \u0027nt authority\\local service\u0027 account." } ], "value": "A vulnerability exists in Advantech iView that allows for SQL injection \nand remote code execution through NetworkServlet.archiveTrap(). This \nissue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not sanitized, allowing an \nattacker to perform SQL injection and potentially execute code in the \ncontext of the \u0027nt authority\\local service\u0027 account." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:25:51.561Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": 
"Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView SQL Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-53515", "datePublished": "2025-07-10T23:25:51.561Z", "dateReserved": "2025-07-02T15:12:58.638Z", "dateUpdated": "2025-07-11T13:57:41.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2135 (GCVE-0-2022-2135)
Vulnerability from cvelistv5
- CWE-89 - SQL Injection
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
Advantech iView | iView |
Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2135", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:55:02.234169Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:14:00.977Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:45.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2135", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2135", "datePublished": "2022-07-22T14:58:45.454Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2025-04-16T16:14:00.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53509 (GCVE-0-2025-53509)
Vulnerability from cvelistv5
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53509", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T13:29:30.324999Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-11T13:29:37.165Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [ { "lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in the NetworkServlet.restoreDatabase(). This issue requires \nan authenticated attacker with at least user-level privileges. An input \nparameter can be used directly in a command without proper sanitization,\n allowing arbitrary arguments to be injected. This can result in \ninformation disclosure, including sensitive database credentials." } ], "value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in the NetworkServlet.restoreDatabase(). This issue requires \nan authenticated attacker with at least user-level privileges. An input \nparameter can be used directly in a command without proper sanitization,\n allowing arbitrary arguments to be injected. This can result in \ninformation disclosure, including sensitive database credentials." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-88", "description": "CWE-88", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T23:29:10.103Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" }, { "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e" } ], 
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ." } ], "source": { "advisory": "ICSA-25-191-08", "discovery": "EXTERNAL" }, "title": "Advantech iView Argument Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2025-53509", "datePublished": "2025-07-10T23:29:10.103Z", "dateReserved": "2025-07-02T15:12:58.651Z", "dateUpdated": "2025-07-11T13:29:37.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-14503 (GCVE-0-2020-14503)
Vulnerability from cvelistv5
- CWE-20 - IMPROPER INPUT VALIDATION
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-834/ | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.726Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "IMPROPER INPUT VALIDATION CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-20T19:06:15", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14503", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. 
Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER INPUT VALIDATION CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14503", "datePublished": "2020-07-15T02:15:13", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.726Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFB283D2-9626-493E-AC5C-7B9B507AC546", "versionEndExcluding": "5.7.04.6752", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863." }, { "lang": "es", "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n mediante inyecci\u00f3n SQL en ConfigurationServlet de Advantech iView. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Advantech iView. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del servlet ConfigurationServlet, que escucha en el puerto TCP 8080 de manera predeterminada. Al analizar el elemento column_value, el proceso no valida correctamente una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esta vulnerabilidad para divulgar credenciales almacenadas, lo que conduce a una mayor vulnerabilidad. Era ZDI-CAN-17863." 
} ], "id": "CVE-2023-52335", "lastModified": "2025-01-09T16:05:53.673", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-11-22T20:15:07.927", "references": [ { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Release Notes" ], "url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183" }, { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-610/" } ], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "zdi-disclosures@trendmicro.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-867/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-867/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene una vulnerabilidad de control de acceso inadecuado. La explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir a un atacante obtener las credenciales de todas las cuentas de usuario" } ], "id": "CVE-2020-14499", "lastModified": "2024-11-21T05:03:24.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T03:15:50.513", "references": [ { "source": 
"ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information" }, { "lang": "es", "value": "El producto afectado es vulnerable a dos inyecciones SQL que requieren altos privilegios para su explotaci\u00f3n y pueden permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2137", "lastModified": "2024-11-21T07:00:24.330", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.237", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-831/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-831/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene una neutralizaci\u00f3n inadecuada de los elementos especiales utilizados en una vulnerabilidad de comando (\"inyecci\u00f3n de comando\"). La explotaci\u00f3n satisfactoria de esta vulnerabilidad puede permitir a un atacante enviar una solicitud HTTP GET o POST que cree una cadena de comandos sin ninguna validaci\u00f3n. 
El atacante puede entonces ejecutar remotamente el c\u00f3digo" } ], "id": "CVE-2020-14505", "lastModified": "2024-11-21T05:03:24.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T02:15:12.627", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-77" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "05210F63-F5C5-4783-A993-2E670F19B5F9", "versionEndExcluding": "5.7.03.6182", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)." }, { "lang": "es", "value": "El producto afectado es vulnerable a una inyecci\u00f3n SQL, que puede permitir a un atacante no autorizado divulgar informaci\u00f3n en el iView (versiones anteriores a v5.7.03.6182)" } ], "id": "CVE-2021-32932", "lastModified": "2024-11-21T06:07:57.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T17:15:11.057", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "US Government Resource" ], "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-859/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-859/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene un problema de autenticaci\u00f3n inadecuada para la funci\u00f3n cr\u00edtica (CWE-306). El aprovechamiento satisfactorio de esta vulnerabilidad puede permitir a un atacante obtener la informaci\u00f3n de la tabla de usuarios, incluidas las credenciales de administrador en texto plano. 
Un atacante tambi\u00e9n puede eliminar la cuenta del administrador" } ], "id": "CVE-2020-14501", "lastModified": "2024-11-21T05:03:24.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T03:15:50.607", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "05210F63-F5C5-4783-A993-2E670F19B5F9", "versionEndExcluding": "5.7.03.6182", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)." }, { "lang": "es", "value": "La configuraci\u00f3n del producto afectado es vulnerable debido a una falta de autenticaci\u00f3n, lo que puede permitir a un atacante cambiar la configuraci\u00f3n y ejecutar c\u00f3digo arbitrario en el iView (anterior a versi\u00f3n v5.7.03.6182)" } ], "id": "CVE-2021-32930", "lastModified": "2024-11-21T06:07:56.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2021-06-11T17:15:10.963", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView that allows for SQL injection \nand remote code execution through NetworkServlet.archiveTrap(). This \nissue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not sanitized, allowing an \nattacker to perform SQL injection and potentially execute code in the \ncontext of the \u0027nt authority\\local service\u0027 account." }, { "lang": "es", "value": "Existe una vulnerabilidad en Advantech iView que permite la inyecci\u00f3n SQL y la ejecuci\u00f3n remota de c\u00f3digo mediante NetworkServlet.archiveTrap(). Este problema requiere un atacante autenticado con al menos privilegios de usuario. Ciertos par\u00e1metros de entrada no se sanean, lo que permite a un atacante realizar una inyecci\u00f3n SQL y potencialmente ejecutar c\u00f3digo en el contexto de la cuenta \u0027nt authority\\local service\u0027." 
} ], "id": "CVE-2025-53515", "lastModified": "2025-08-01T19:13:59.507", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", 
"vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:28.547", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in the NetworkServlet.restoreDatabase(). This issue requires \nan authenticated attacker with at least user-level privileges. An input \nparameter can be used directly in a command without proper sanitization,\n allowing arbitrary arguments to be injected. This can result in \ninformation disclosure, including sensitive database credentials." }, { "lang": "es", "value": "Existe una vulnerabilidad en Advantech iView que permite la inyecci\u00f3n de argumentos en NetworkServlet.restoreDatabase(). Este problema requiere un atacante autenticado con al menos privilegios de usuario. Un par\u00e1metro de entrada puede usarse directamente en un comando sin la debida limpieza, lo que permite la inyecci\u00f3n de argumentos arbitrarios. Esto puede resultar en la divulgaci\u00f3n de informaci\u00f3n, incluyendo credenciales confidenciales de la base de datos." 
} ], "id": "CVE-2025-53509", "lastModified": "2025-08-01T19:16:23.140", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", 
"vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:28.357", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-88" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution." }, { "lang": "es", "value": "El acceso a las versiones de Advantech iView anteriores a configuraci\u00f3n v5.7.03.6112 carece de autenticaci\u00f3n, lo que puede permitir a un atacante no autorizado cambiar la configuraci\u00f3n y obtener una ejecuci\u00f3n de c\u00f3digo" } ], "id": "CVE-2021-22652", "lastModified": "2024-11-21T05:50:23.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.003", "references": [ 
{ "source": "ics-cert@hq.dhs.gov", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code." }, { "lang": "es", "value": "El producto afectado es vulnerable a un salto de directorio, que puede permitir a un atacante acceder a archivos no autorizados y ejecutar c\u00f3digo arbitrario" } ], "id": "CVE-2022-2139", "lastModified": "2024-11-21T07:00:24.583", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.350", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-23" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL que son vulnerables al uso de una cadena controlada por el atacante en la construcci\u00f3n de consultas SQL. Un atacante podr\u00eda extraer las credenciales del usuario, leer o modificar la informaci\u00f3n y ejecutar el c\u00f3digo de forma remota" } ], "id": "CVE-2020-14497", "lastModified": "2024-11-21T05:03:23.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T02:15:12.547", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], 
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, es vulnerable a vulnerabilidades de m\u00faltiples caminos que podr\u00edan permitir a un atacante crear/descargar archivos arbitrarios, limitar la disponibilidad del sistema y ejecutar c\u00f3digo de forma remota." } ], "id": "CVE-2020-14507", "lastModified": "2024-11-21T05:03:25.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-07-15T02:15:12.703", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "El producto afectado es vulnerable a una inyecci\u00f3n SQL con alta complejidad de ataque, que puede permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2142", "lastModified": "2024-11-21T07:00:24.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.407", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy exploiting this flaw, an attacker could execute unauthorized scripts \nin the user\u0027s browser, potentially leading to information disclosure or \nother malicious activities." }, { "lang": "es", "value": "Existe una vulnerabilidad en las versiones de Advantech iView anteriores a la 5.7.05, compilaci\u00f3n 7057, que podr\u00eda permitir un ataque de cross-site scripting (XSS) reflejado. Al explotar esta vulnerabilidad, un atacante podr\u00eda ejecutar scripts no autorizados en el navegador del usuario, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n u otras actividades maliciosas." 
} ], "id": "CVE-2025-53397", "lastModified": "2025-08-01T19:19:25.320", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": 
"NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:26.763", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-191/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-191/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027." }, { "lang": "es", "value": "Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyecci\u00f3n SQL, lo que puede permitir a un atacante escalar los privilegios a \"Administrator\"" } ], "id": "CVE-2021-22658", "lastModified": "2024-11-21T05:50:25.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.270", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], 
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities." }, { "lang": "es", "value": "Existe una vulnerabilidad en las versiones de Advantech iView anteriores a la 5.7.05, compilaci\u00f3n 7057, que podr\u00eda permitir un ataque de cross-site scripting (XSS) reflejado. Al manipular ciertos par\u00e1metros de entrada, un atacante podr\u00eda ejecutar secuencias de comandos no autorizadas en el navegador del usuario, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n u otras actividades maliciosas." 
} ], "id": "CVE-2025-41442", "lastModified": "2025-07-23T19:20:42.243", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", 
"vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:24.347", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code." }, { "lang": "es", "value": "El producto afectado es vulnerable a dos instancias de inyecci\u00f3n de comandos, que pueden permitir a un atacante ejecutar remotamente c\u00f3digo arbitrario" } ], "id": "CVE-2022-2143", "lastModified": "2024-11-21T07:00:25.093", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.463", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" }, { "source": 
"ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2023-24 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2023-24 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "1856B3E0-0296-471D-828E-220B55F1E98D", "versionEndExcluding": "5.7.4.6752", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection." } ], "id": "CVE-2023-3983", "lastModified": "2024-11-21T08:18:28.207", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T19:15:18.243", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2023-24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2023-24" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView that could allow SQL injection\n and remote code execution through NetworkServlet.archiveTrapRange(). \nThis issue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not properly sanitized, \nallowing an attacker to perform SQL injection and potentially execute \ncode in the context of the \u0027nt authority\\local service\u0027 account." }, { "lang": "es", "value": "Existe una vulnerabilidad en Advantech iView que podr\u00eda permitir la inyecci\u00f3n SQL y la ejecuci\u00f3n remota de c\u00f3digo mediante NetworkServlet.archiveTrapRange(). Este problema requiere un atacante autenticado con al menos privilegios de usuario. Ciertos par\u00e1metros de entrada no se desinfectan correctamente, lo que permite a un atacante realizar una inyecci\u00f3n SQL y potencialmente ejecutar c\u00f3digo en el contexto de la cuenta \u0027nt authority\\local service\u0027." 
} ], "id": "CVE-2025-52577", "lastModified": "2025-07-23T19:20:13.513", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", 
"vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:26.430", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD1FCC11-FE17-4D31-933F-8C98D3D70366", "versionEndIncluding": "5.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.7 y anteriores. El producto afectado es susceptible a vulnerabilidades de salto de ruta que podr\u00edan permitir a un atacante crear y descargar archivos arbitrarios, limitar la disponibilidad del sistema y ejecutar c\u00f3digo remotamente" } ], "id": "CVE-2020-16245", "lastModified": "2024-11-21T05:07:00.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2020-08-25T19:15:12.563", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-188/ | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-190/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-188/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-190/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "Las versiones Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyecci\u00f3n SQL, lo que puede permitir a un atacante no autorizado revelar informaci\u00f3n" } ], "id": "CVE-2021-22654", "lastModified": "2024-11-21T05:50:24.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.113", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView in \nNetworkServlet.processImportRequest() that could allow for a directory \ntraversal attack. This issue requires an authenticated attacker with at \nleast user-level privileges. A specific parameter is not properly \nsanitized or normalized, potentially allowing an attacker to determine \nthe existence of arbitrary files on the server." }, { "lang": "es", "value": "Existe una vulnerabilidad en Advantech iView en NetworkServlet.processImportRequest() que podr\u00eda permitir un ataque de salto de directorio. Este problema requiere un atacante autenticado con al menos privilegios de usuario. Un par\u00e1metro espec\u00edfico no est\u00e1 correctamente depurado ni normalizado, lo que podr\u00eda permitir que un atacante determine la existencia de archivos arbitrarios en el servidor." 
} ], "id": "CVE-2025-46704", "lastModified": "2025-07-23T19:20:26.673", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", 
"vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:25.583", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "El producto afectado es vulnerable a m\u00faltiples inyecciones SQL que pueden permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2135", "lastModified": "2024-11-21T07:00:24.077", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.117", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government 
Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection through the CUtils.checkSQLInjection() function. This \nvulnerability can be exploited by an authenticated attacker with at \nleast user-level privileges, potentially leading to information \ndisclosure or a denial-of-service condition." }, { "lang": "es", "value": "Existe una vulnerabilidad en Advantech iView que podr\u00eda permitir la inyecci\u00f3n de SQL mediante la funci\u00f3n CUtils.checkSQLInjection(). Esta vulnerabilidad puede ser explotada por un atacante autenticado con al menos privilegios de usuario, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio." 
} ], "id": "CVE-2025-48891", "lastModified": "2025-07-23T19:20:18.673", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", 
"vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:25.920", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product, Release Notes | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating specific parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities." }, { "lang": "es", "value": "Existe una vulnerabilidad en las versiones de Advantech iView anteriores a la 5.7.05, compilaci\u00f3n 7057, que podr\u00eda permitir un ataque de cross-site scripting (XSS) reflejado. Al manipular par\u00e1metros espec\u00edficos, un atacante podr\u00eda ejecutar secuencias de comandos no autorizadas en el navegador del usuario, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n u otras actividades maliciosas." 
} ], "id": "CVE-2025-53519", "lastModified": "2025-07-23T19:19:55.373", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", 
"vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:28.750", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product", "Release Notes" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "El producto afectado es vulnerable a m\u00faltiples inyecciones SQL que requieren privilegios bajos para su explotaci\u00f3n y pueden permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2136", "lastModified": "2024-11-21T07:00:24.203", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.180", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-834/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-834/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene una vulnerabilidad de validaci\u00f3n de entrada inadecuada. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar remotamente c\u00f3digo arbitrario" } ], "id": "CVE-2020-14503", "lastModified": "2024-11-21T05:03:24.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T03:15:50.687", "references": [ { "source": 
"ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2022-32 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2022-32 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:5.7.04.6469:*:*:*:*:*:*:*", "matchCriteriaId": "6E39B345-0A1D-4908-B715-8549878F73FF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Advantech iView versi\u00f3n 5.7.04.6469. La falla espec\u00edfica se presenta dentro del endpoint ConfigurationServlet, que escucha en el puerto TCP 8080 por defecto. Un atacante remoto no autenticado puede dise\u00f1ar un par\u00e1metro column_value especial en la acci\u00f3n setConfiguration para omitir las comprobaciones de com.imc.iview.utils.CUtils.checkSQLInjection() y llevar a cabo una inyecci\u00f3n SQL. 
Por ejemplo, el atacante puede explotar la vulnerabilidad para recuperar la contrase\u00f1a de administrador de iView" } ], "id": "CVE-2022-3323", "lastModified": "2025-05-21T15:15:59.000", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2022-09-27T23:15:15.867", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2022-32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2022-32" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition." }, { "lang": "es", "value": "El producto afectado es vulnerable debido a la falta de autenticaci\u00f3n, lo que puede permitir a un atacante leer o modificar datos confidenciales y ejecutar c\u00f3digo arbitrario, resultando en una condici\u00f3n de denegaci\u00f3n de servicio" } ], "id": "CVE-2022-2138", "lastModified": "2024-11-21T07:00:24.470", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.293", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], 
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 | Product | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection and remote code execution through \nNetworkServlet.getNextTrapPage(). This issue requires an authenticated \nattacker with at least user-level privileges. Certain parameters in this\n function are not properly sanitized, allowing an attacker to perform \nSQL injection and potentially execute code in the context of the \u0027nt \nauthority\\local service\u0027 account." }, { "lang": "es", "value": "Existe una vulnerabilidad en Advantech iView que podr\u00eda permitir la inyecci\u00f3n SQL y la ejecuci\u00f3n remota de c\u00f3digo mediante NetworkServlet.getNextTrapPage(). Este problema requiere un atacante autenticado con al menos privilegios de usuario. Ciertos par\u00e1metros de esta funci\u00f3n no se depuran correctamente, lo que permite a un atacante realizar una inyecci\u00f3n SQL y potencialmente ejecutar c\u00f3digo en el contexto de la cuenta \u0027nt authority\\local service\u0027." 
} ], "id": "CVE-2025-53475", "lastModified": "2025-07-23T19:19:37.853", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", 
"vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" } ] }, "published": "2025-07-11T00:15:27.107", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Product" ], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-189/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-189/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files." }, { "lang": "es", "value": "Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables al salto de directorios, lo que puede permitir a un atacante leer archivos confidenciales" } ], "id": "CVE-2021-22656", "lastModified": "2024-11-21T05:50:25.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.190", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }