37 matches found
CVE-2022-2143
CVE-2022-2143 affects Advantech iView (NetworkServlet) and is caused by improper input validation of a parameter used in backup/file operations, enabling command injection. Affected products are Advantech iView versions prior to 5_7_04_6469. This vulnerability may allow remote code execution via ...
CVE-2021-22652
CVE-2021-22652 concerns Advantech iView prior to v5.7.03.6112. A missing authentication vulnerability on configuration access may allow an unauthenticated attacker to modify settings and achieve code execution. Public sources in the connected set corroborate an unauthenticated remote code executi...
CVE-2020-14497
CVE-2020-14497 affects Advantech iView (versions ≤5.6). Connected documents reveal multiple SQL Injection vulnerabilities across iView components (NetworkServlet, LinksTable, DeviceTreeTable, SystemTable) that allow attacker-controlled input to be used in SQL queries. Root cause: lack of proper v...
CVE-2022-2135
CVE-2022-2135 affects Advantech iView. Multiple sources describe a SQL Injection vulnerability in the iView product, notably in the findCfgDeviceList action (segment parameter parsing) through the NetworkServlet endpoint (port 8080). ZDI advisories detail remote attackers being able to exploit by...
CVE-2022-2136
The CVE-2022-2136 issue concerns Advantech iView, where multiple SQL injection weaknesses exist due to insufficient input validation (for example, ipaddress in updatePROMFile and related parameters in exportTaskMgrReport/exportPSInventoryTable). The attached documents specify that these flaws ena...
CVE-2023-52335
CVE-2023-52335 affects Advantech iView’s ConfigurationServlet (listens on TCP port 8080). The flaw arises when parsing the column_value element, where user-supplied data is used to construct SQL queries without proper validation, enabling SQL injection and information disclosure of credentials. D...
CVE-2022-2139
CVE-2022-2139 affects Advantech iView and is a directory traversal vulnerability. Multiple connected sources describe improper validation of user-supplied paths in iView components, leading to access of unauthorized files and potential remote code execution. Specific affected endpoints include Me...
CVE-2022-3323
Advantech iView 5.7.04.6469 (and prior) is affected by an SQL injection in the ConfigurationServlet endpoint (port 8080 by default). An unauthenticated attacker can craft a special column_value in setConfiguration to bypass CUtils.checkSQLInjection() and disclose data, including the admin passwor...
CVE-2020-14501
CVE-2020-14501 affects Advantech iView (versions 5.6 and prior). The root cause is a missing authentication for a critical function (CWE-306), enabling an unauthenticated attacker to obtain the user table information (including administrator credentials in plain text) and potentially delete the a...
CVE-2020-14499
Advantech iView (versions 5.6 and prior) is affected by an improper access control vulnerability (CVE-2020-14499) that could allow an attacker to obtain all user account credentials. Connected sources confirm the issue stems from inadequate access control in the application, enabling credential d...
CVE-2022-2138
CV E-2022-2138 (Advantech iView) is documented with missing authentication allowing an attacker to read/modify sensitive data and potentially execute arbitrary code, leading to a denial-of-service condition. The core issue is an authentication bypass that affects the affected product (Advantech i...
CVE-2020-14507
Advantech iView (versions 5.6 and earlier) is affected by multiple path traversal vulnerabilities in various components (MenuServlet, NetworkServlet, ZTPConfig, LinksTable) enabling creation/download of arbitrary files, disruption of availability, and remote code execution. Root cause across advi...
CVE-2021-22658
Advantech iView is affected by CVE-2021-22658 (SQL Injection) on versions prior to 5.7.03.6112. The vulnerability arises in UserServlet processing, enabling an attacker to escalate to Administrator. Multiple connected sources confirm the issue and link it to privilege escalation via unsafely cons...
CVE-2020-14505
CVE-2020-14505 affects Advantech iView (versions 5.6 and prior). The vulnerability is an improper neutralization of special elements used in a command (command injection) that could allow an attacker to compose a command string via HTTP GET/POST without proper validation, enabling remote code exe...
CVE-2021-22656
Advantech iView vulnerable in versions prior to 5.7.03.6112 due to a directory traversal flaw in the CommandServlet class caused by improper validation of a user-supplied path, potentially allowing an attacker to read sensitive files. Remediation: upgrade to iView 5.7.03.6112 or later. Public adv...
CVE-2022-2137
CVE-2022-2137 — Advantech iView SQL Injection . The vulnerability affects Advantech iView management software. It is described as two SQL injections that require high privileges to exploit and may allow an unauthorized attacker to disclose information (NVD CVSS v3.1 base score 4.9, vector AV:N/AC...
CVE-2020-14503
Advantech iView (versions 5.6 and earlier) contains an improper input validation vulnerability that could allow remote code execution. The primary public detail points to NetworkServlet input handling as a critical flaw exploited remotely with no authentication (per ZDI advisory ZDI-20-834 and CV...
CVE-2020-16245
CVE-2020-16245 affects Advantech iView (Versions 5.7 and earlier). The issue is a directory/path traversal vulnerability due to improper validation of user-supplied paths in multiple components (e.g., exportTaskMgrReport, exportInventoryTable, DeviceTreeTable, NetworkServlet methods). Exploitatio...
CVE-2021-32930
Advantech iView (pre-5.7.03.6182) has a CVE-2021-32930 vulnerability described as Missing Authentication for Critical Function. The flaw allows an attacker to change configurations and, per ZDI, could enable remote code execution via the runProViewUpgrade action on NetworkServlet (port 8080). Pub...
CVE-2022-2142
CVE-2022-2142 is associated with Advantech iView SQL injection vulnerabilities in the affected management software. Connected sources describe a SQL injection with high attack complexity that may allow an unauthorized attacker to disclose information. The issue is reported for Advantech iView and...
CVE-2021-32932
CVE-2021-32932 affects Advantech iView. A SQL injection flaw exists in multiple iView endpoints (e.g., setDeviceAuthentication, saveZtpConfig, getInventoryReportData, getNextTrapPage) due to improper input validation, enabling disclosure of information to unauthenticated remote attackers. Impact ...
CVE-2023-3983
Advantech iView vulnerable to an authenticated SQL injection via bypass of com.imc.iview.utils.CUtils.checkSQLInjection() in versions prior to v5.7.4 build 6752. The issue enables blind SQL injection by an authenticated attacker with low privileges and no user interaction, potentially compromisin...
CVE-2021-22654
Advantech iView before version 5.7.03.6112 is vulnerable to SQL injection (CVE-2021-22654). The flaw allows an unauthenticated, network-accessing attacker to disclose information via insecure SQL query construction in the UserServlet/NetworkServlet components, per ZDI advisories and CVE records. ...
CVE-2025-53519
Advantech iView is affected in versions prior to 5.7.05 build 7057. The CVE describes a reflected cross-site scripting (XSS) vulnerability triggered by manipulating certain input parameters, allowing an attacker to execute scripts in a user’s browser and potentially cause information disclosure o...
CVE-2025-53509
Advantech iView contains an argument-injection vulnerability in NetworkServlet.restoreDatabase(), exploitable by an authenticated user with at least user-level privileges. An input parameter can be used directly in a command without sanitization, enabling arbitrary arguments and potentially leadi...
CVE-2025-53475
CVE-2025-53475 – Advantech iView SQL Injection . A vulnerability exists in Advantech iView where the parameter handling in NetworkServlet.getNextTrapPage() is not properly sanitized, enabling authenticated, low-privilege attackers to perform SQL injection and potentially achieve remote code execu...
CVE-2025-53515
Advantech iView is affected by CVE-2025-53515. The vulnerability exists in NetworkServlet.archiveTrap() and enables SQL injection with remote code execution. An authenticated attacker with at least user-level privileges can exploit insufficient input sanitization to perform SQL injection and pote...
CVE-2025-46704
Advantech iView contains a directory traversal vulnerability in NetworkServlet.processImportRequest() that an authenticated user (at least user-level) can exploit to infer existence of arbitrary files on the server. The root cause is a parameter that is not properly sanitized or normalized. Explo...
CVE-2025-53397
CVE-2025-53397 affects Advantech iView versions prior to 5.7.05 build 7057 and enables a reflected cross-site scripting (XSS) attack. Exploitation could cause the execution of unauthorized scripts in a user’s browser, potentially leading to information disclosure. Mitigation: upgrade to version 5...
CVE-2025-41442
CVE-2025-41442 affects Advantech iView. Connected documents confirm a reflected cross-site scripting (XSS) vulnerability in Advantech iView versions prior to 5.7.05 build 7057, exploitable by manipulating input parameters to cause unauthorized scripts in the user’s browser. Impact per sources inc...
CVE-2025-48891
Advantech iView contains a SQL injection vulnerability in CUtils.checkSQLInjection(), exploitable by an authenticated user with at least basic privileges. Affected: Advantech iView (versions prior to 5.7.05 build 7057 per CISA ICS advisory). Impact per sources: information disclosure or denial-of...
CVE-2025-52577
Advantech iView is affected by a vulnerability in NetworkServlet.archiveTrapRange() that enables SQL injection and potential remote code execution. An authenticated attacker with at least user-level privileges can exploit unsanitized input parameters to execute code in the context of the nt autho...
CVE-2022-50591
Advantech iView prior to version v5.7.04 build 6425 contains a vulnerability in the SNMP management tool that lets remote attackers bypass authentication and perform a SQL injection in the ztp_config_id parameter of the NetworkServlet endpoint. Successful exploitation can lead to exfiltration of ...
CVE-2022-50595
Advantech iView prior to v5.7.04 build 6425 is affected. The SNMP management tool exposes a SQL injection in the ztp_search_value parameter of the NetworkServlet, enabling remote attackers to bypass authentication and achieve remote code execution with administrator privileges. Root cause cited a...
CVE-2022-50593
Advantech iView prior to v5.7.04 build 6425 exposes a SQL injection in the NetworkServlet search_term parameter (via SNMP management tool) that can lead to remote code execution with administrator privileges. Root cause appears to be unsanitized input allowing SQL statements to reach the backend....
CVE-2022-50592
CVE-2022-50592 affects Advantech iView prior to v5.7.04 build 6425. The SNMP management tool contains an authentication bypass that enables a SQL injection in the getInventoryReportData parameter of the NetworkServlet endpoint, leading to remote code execution with administrator privileges. This ...
CVE-2022-50594
Advantech iView is affected: versions prior to v5.7.04 build 6425. The issue arises from a lack of validation in the data parameter of the NetworkServlet endpoint, enabling a SQL injection via the SNMP management tool. Remote attackers can bypass authentication and exploit this to disclose data, ...