The vulnerability of the centralized control system for network devices and ports of Advantech iView arises from the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.

🗓️ 06 Mar 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Advantech iView central control system has unprotected structured query language queries, enabling remote disclosure of protected data.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2022-2137	22 Jul 202218:19	–	circl
CNNVD	Advantech iView SQL注入漏洞	28 Jun 202200:00	–	cnnvd
CNVD	Advantech iView SQL Injection Vulnerability (CNVD-2023-16472)	19 Aug 202200:00	–	cnvd
CVE	CVE-2022-2137	22 Jul 202214:57	–	cve
Cvelist	CVE-2022-2137 Advantech iView	22 Jul 202214:57	–	cvelist
EUVD	EUVD-2022-34422	3 Oct 202520:07	–	euvd
ICS	Advantech iView	28 Jun 202200:00	–	ics
NVD	CVE-2022-2137	22 Jul 202215:15	–	nvd
OSV	CVE-2022-2137	22 Jul 202215:15	–	osv
Prion	Sql injection	22 Jul 202215:15	–	prion

Vulners

Node

advantech_co.,advantech_iviewRange<5.7.04.6469

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-16746
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-179-03
web	www.web.nvd.nist.gov/view/vuln/detail
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-22-179-03
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-22-927/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-16746/

06 Mar 2023 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 34.9

CVSS 26.1

EPSS0.00215

Advantech iView centralized control system structured query language remote disclosure protected data