Lucene search
K
AdvantechIview

37 matches found

CVE
CVE
added 2022/07/22 2:59 p.m.188 views

CVE-2022-2143

CVE-2022-2143 affects Advantech iView (NetworkServlet) and is caused by improper input validation of a parameter used in backup/file operations, enabling command injection. Affected products are Advantech iView versions prior to 5_7_04_6469. This vulnerability may allow remote code execution via ...

9.8CVSS9.7AI score0.59184EPSS
Web
CVE
CVE
added 2021/02/11 4:6 p.m.123 views

CVE-2021-22652

CVE-2021-22652 concerns Advantech iView prior to v5.7.03.6112. A missing authentication vulnerability on configuration access may allow an unauthenticated attacker to modify settings and achieve code execution. Public sources in the connected set corroborate an unauthenticated remote code executi...

9.8CVSS9.4AI score0.36845EPSS
Web
CVE
CVE
added 2020/07/15 1:50 a.m.88 views

CVE-2020-14497

CVE-2020-14497 affects Advantech iView (versions ≤5.6). Connected documents reveal multiple SQL Injection vulnerabilities across iView components (NetworkServlet, LinksTable, DeviceTreeTable, SystemTable) that allow attacker-controlled input to be used in SQL queries. Root cause: lack of proper v...

9.8CVSS9.8AI score0.04922EPSS
CVE
CVE
added 2022/07/22 2:58 p.m.88 views

CVE-2022-2135

CVE-2022-2135 affects Advantech iView. Multiple sources describe a SQL Injection vulnerability in the iView product, notably in the findCfgDeviceList action (segment parameter parsing) through the NetworkServlet endpoint (port 8080). ZDI advisories detail remote attackers being able to exploit by...

7.5CVSS7.6AI score0.10085EPSS
CVE
CVE
added 2022/07/22 2:58 p.m.76 views

CVE-2022-2136

The CVE-2022-2136 issue concerns Advantech iView, where multiple SQL injection weaknesses exist due to insufficient input validation (for example, ipaddress in updatePROMFile and related parameters in exportTaskMgrReport/exportPSInventoryTable). The attached documents specify that these flaws ena...

8.8CVSS6.8AI score0.09002EPSS
CVE
CVE
added 2024/11/22 8:5 p.m.76 views

CVE-2023-52335

CVE-2023-52335 affects Advantech iView’s ConfigurationServlet (listens on TCP port 8080). The flaw arises when parsing the column_value element, where user-supplied data is used to construct SQL queries without proper validation, enabling SQL injection and information disclosure of credentials. D...

7.5CVSS7.5AI score0.01271EPSS
CVE
CVE
added 2022/07/22 2:58 p.m.75 views

CVE-2022-2139

CVE-2022-2139 affects Advantech iView and is a directory traversal vulnerability. Multiple connected sources describe improper validation of user-supplied paths in iView components, leading to access of unauthorized files and potential remote code execution. Specific affected endpoints include Me...

9.8CVSS8.2AI score0.14828EPSS
CVE
CVE
added 2022/09/27 1:51 p.m.75 views

CVE-2022-3323

Advantech iView 5.7.04.6469 (and prior) is affected by an SQL injection in the ConfigurationServlet endpoint (port 8080 by default). An unauthenticated attacker can craft a special column_value in setConfiguration to bypass CUtils.checkSQLInjection() and disclose data, including the admin passwor...

7.5CVSS7.9AI score0.30674EPSS
CVE
CVE
added 2020/07/15 2:19 a.m.72 views

CVE-2020-14501

CVE-2020-14501 affects Advantech iView (versions 5.6 and prior). The root cause is a missing authentication for a critical function (CWE-306), enabling an unauthenticated attacker to obtain the user table information (including administrator credentials in plain text) and potentially delete the a...

9.8CVSS9.4AI score0.017EPSS
CVE
CVE
added 2020/07/15 2:11 a.m.71 views

CVE-2020-14499

Advantech iView (versions 5.6 and prior) is affected by an improper access control vulnerability (CVE-2020-14499) that could allow an attacker to obtain all user account credentials. Connected sources confirm the issue stems from inadequate access control in the application, enabling credential d...

7.5CVSS7.4AI score0.01745EPSS
CVE
CVE
added 2022/07/22 2:58 p.m.71 views

CVE-2022-2138

CV E-2022-2138 (Advantech iView) is documented with missing authentication allowing an attacker to read/modify sensitive data and potentially execute arbitrary code, leading to a denial-of-service condition. The core issue is an authentication bypass that affects the affected product (Advantech i...

8.2CVSS7.7AI score0.10924EPSS
CVE
CVE
added 2020/07/15 1:48 a.m.65 views

CVE-2020-14507

Advantech iView (versions 5.6 and earlier) is affected by multiple path traversal vulnerabilities in various components (MenuServlet, NetworkServlet, ZTPConfig, LinksTable) enabling creation/download of arbitrary files, disruption of availability, and remote code execution. Root cause across advi...

9.8CVSS9.6AI score0.04886EPSS
CVE
CVE
added 2021/02/11 4:6 p.m.63 views

CVE-2021-22658

Advantech iView is affected by CVE-2021-22658 (SQL Injection) on versions prior to 5.7.03.6112. The vulnerability arises in UserServlet processing, enabling an attacker to escalate to Administrator. Multiple connected sources confirm the issue and link it to privilege escalation via unsafely cons...

9.8CVSS9.6AI score0.12719EPSS
CVE
CVE
added 2020/07/15 1:59 a.m.61 views

CVE-2020-14505

CVE-2020-14505 affects Advantech iView (versions 5.6 and prior). The vulnerability is an improper neutralization of special elements used in a command (command injection) that could allow an attacker to compose a command string via HTTP GET/POST without proper validation, enabling remote code exe...

9.8CVSS9.5AI score0.07018EPSS
CVE
CVE
added 2021/02/11 4:6 p.m.61 views

CVE-2021-22656

Advantech iView vulnerable in versions prior to 5.7.03.6112 due to a directory traversal flaw in the CommandServlet class caused by improper validation of a user-supplied path, potentially allowing an attacker to read sensitive files. Remediation: upgrade to iView 5.7.03.6112 or later. Public adv...

7.5CVSS7.3AI score0.03124EPSS
CVE
CVE
added 2022/07/22 2:57 p.m.61 views

CVE-2022-2137

CVE-2022-2137 — Advantech iView SQL Injection . The vulnerability affects Advantech iView management software. It is described as two SQL injections that require high privileges to exploit and may allow an unauthorized attacker to disclose information (NVD CVSS v3.1 base score 4.9, vector AV:N/AC...

4.9CVSS5.5AI score0.00796EPSS
CVE
CVE
added 2020/07/15 2:15 a.m.59 views

CVE-2020-14503

Advantech iView (versions 5.6 and earlier) contains an improper input validation vulnerability that could allow remote code execution. The primary public detail points to NetworkServlet input handling as a critical flaw exploited remotely with no authentication (per ZDI advisory ZDI-20-834 and CV...

9.8CVSS9.6AI score0.03469EPSS
CVE
CVE
added 2020/08/25 6:3 p.m.58 views

CVE-2020-16245

CVE-2020-16245 affects Advantech iView (Versions 5.7 and earlier). The issue is a directory/path traversal vulnerability due to improper validation of user-supplied paths in multiple components (e.g., exportTaskMgrReport, exportInventoryTable, DeviceTreeTable, NetworkServlet methods). Exploitatio...

9.8CVSS9.5AI score0.07717EPSS
CVE
CVE
added 2021/06/11 4:25 p.m.58 views

CVE-2021-32930

Advantech iView (pre-5.7.03.6182) has a CVE-2021-32930 vulnerability described as Missing Authentication for Critical Function. The flaw allows an attacker to change configurations and, per ZDI, could enable remote code execution via the runProViewUpgrade action on NetworkServlet (port 8080). Pub...

9.8CVSS9.6AI score0.08055EPSS
CVE
CVE
added 2022/07/22 2:59 p.m.58 views

CVE-2022-2142

CVE-2022-2142 is associated with Advantech iView SQL injection vulnerabilities in the affected management software. Connected sources describe a SQL injection with high attack complexity that may allow an unauthorized attacker to disclose information. The issue is reported for Advantech iView and...

8.1CVSS6.3AI score0.00758EPSS
CVE
CVE
added 2021/06/11 4:24 p.m.56 views

CVE-2021-32932

CVE-2021-32932 affects Advantech iView. A SQL injection flaw exists in multiple iView endpoints (e.g., setDeviceAuthentication, saveZtpConfig, getInventoryReportData, getNextTrapPage) due to improper input validation, enabling disclosure of information to unauthenticated remote attackers. Impact ...

7.5CVSS7.2AI score0.01169EPSS
CVE
CVE
added 2023/07/31 12:0 a.m.52 views

CVE-2023-3983

Advantech iView vulnerable to an authenticated SQL injection via bypass of com.imc.iview.utils.CUtils.checkSQLInjection() in versions prior to v5.7.4 build 6752. The issue enables blind SQL injection by an authenticated attacker with low privileges and no user interaction, potentially compromisin...

8.8CVSS8.9AI score0.15135EPSS
CVE
CVE
added 2021/02/11 4:6 p.m.49 views

CVE-2021-22654

Advantech iView before version 5.7.03.6112 is vulnerable to SQL injection (CVE-2021-22654). The flaw allows an unauthenticated, network-accessing attacker to disclose information via insecure SQL query construction in the UserServlet/NetworkServlet components, per ZDI advisories and CVE records. ...

7.5CVSS7.5AI score0.11791EPSS
CVE
CVE
added 2025/07/10 11:14 p.m.33 views

CVE-2025-53519

Advantech iView is affected in versions prior to 5.7.05 build 7057. The CVE describes a reflected cross-site scripting (XSS) vulnerability triggered by manipulating certain input parameters, allowing an attacker to execute scripts in a user’s browser and potentially cause information disclosure o...

5.4CVSS5.7AI score0.00194EPSS
CVE
CVE
added 2025/07/10 11:29 p.m.30 views

CVE-2025-53509

Advantech iView contains an argument-injection vulnerability in NetworkServlet.restoreDatabase(), exploitable by an authenticated user with at least user-level privileges. An input parameter can be used directly in a command without sanitization, enabling arbitrary arguments and potentially leadi...

7.1CVSS6.4AI score0.00286EPSS
CVE
CVE
added 2025/07/10 11:23 p.m.29 views

CVE-2025-53475

CVE-2025-53475 – Advantech iView SQL Injection . A vulnerability exists in Advantech iView where the parameter handling in NetworkServlet.getNextTrapPage() is not properly sanitized, enabling authenticated, low-privilege attackers to perform SQL injection and potentially achieve remote code execu...

8.8CVSS8AI score0.0428EPSS
CVE
CVE
added 2025/07/10 11:25 p.m.29 views

CVE-2025-53515

Advantech iView is affected by CVE-2025-53515. The vulnerability exists in NetworkServlet.archiveTrap() and enables SQL injection with remote code execution. An authenticated attacker with at least user-level privileges can exploit insufficient input sanitization to perform SQL injection and pote...

8.8CVSS8.1AI score0.005EPSS
CVE
CVE
added 2025/07/10 11:19 p.m.28 views

CVE-2025-46704

Advantech iView contains a directory traversal vulnerability in NetworkServlet.processImportRequest() that an authenticated user (at least user-level) can exploit to infer existence of arbitrary files on the server. The root cause is a parameter that is not properly sanitized or normalized. Explo...

5.3CVSS6.4AI score0.03317EPSS
CVE
CVE
added 2025/07/10 11:13 p.m.28 views

CVE-2025-53397

CVE-2025-53397 affects Advantech iView versions prior to 5.7.05 build 7057 and enables a reflected cross-site scripting (XSS) attack. Exploitation could cause the execution of unauthorized scripts in a user’s browser, potentially leading to information disclosure. Mitigation: upgrade to version 5...

6.1CVSS5.7AI score0.00194EPSS
CVE
CVE
added 2025/07/10 11:15 p.m.25 views

CVE-2025-41442

CVE-2025-41442 affects Advantech iView. Connected documents confirm a reflected cross-site scripting (XSS) vulnerability in Advantech iView versions prior to 5.7.05 build 7057, exploitable by manipulating input parameters to cause unauthorized scripts in the user’s browser. Impact per sources inc...

5.4CVSS5.7AI score0.00194EPSS
CVE
CVE
added 2025/07/10 11:17 p.m.24 views

CVE-2025-48891

Advantech iView contains a SQL injection vulnerability in CUtils.checkSQLInjection(), exploitable by an authenticated user with at least basic privileges. Affected: Advantech iView (versions prior to 5.7.05 build 7057 per CISA ICS advisory). Impact per sources: information disclosure or denial-of...

7.6CVSS6.6AI score0.00271EPSS
CVE
CVE
added 2025/07/10 11:24 p.m.24 views

CVE-2025-52577

Advantech iView is affected by a vulnerability in NetworkServlet.archiveTrapRange() that enables SQL injection and potential remote code execution. An authenticated attacker with at least user-level privileges can exploit unsanitized input parameters to execute code in the context of the nt autho...

8.8CVSS8.1AI score0.005EPSS
CVE
CVE
added 2025/11/06 7:58 p.m.20 views

CVE-2022-50591

Advantech iView prior to version v5.7.04 build 6425 contains a vulnerability in the SNMP management tool that lets remote attackers bypass authentication and perform a SQL injection in the ztp_config_id parameter of the NetworkServlet endpoint. Successful exploitation can lead to exfiltration of ...

9.8CVSS7.8AI score0.00502EPSS
CVE
CVE
added 2025/11/06 7:58 p.m.17 views

CVE-2022-50595

Advantech iView prior to v5.7.04 build 6425 is affected. The SNMP management tool exposes a SQL injection in the ztp_search_value parameter of the NetworkServlet, enabling remote attackers to bypass authentication and achieve remote code execution with administrator privileges. Root cause cited a...

9.3CVSS8.8AI score0.00638EPSS
CVE
CVE
added 2025/11/06 7:57 p.m.16 views

CVE-2022-50593

Advantech iView prior to v5.7.04 build 6425 exposes a SQL injection in the NetworkServlet search_term parameter (via SNMP management tool) that can lead to remote code execution with administrator privileges. Root cause appears to be unsanitized input allowing SQL statements to reach the backend....

9.8CVSS8.8AI score0.00695EPSS
CVE
CVE
added 2025/11/06 7:57 p.m.14 views

CVE-2022-50592

CVE-2022-50592 affects Advantech iView prior to v5.7.04 build 6425. The SNMP management tool contains an authentication bypass that enables a SQL injection in the getInventoryReportData parameter of the NetworkServlet endpoint, leading to remote code execution with administrator privileges. This ...

9.3CVSS8.8AI score0.00638EPSS
CVE
CVE
added 2025/11/06 7:57 p.m.14 views

CVE-2022-50594

Advantech iView is affected: versions prior to v5.7.04 build 6425. The issue arises from a lack of validation in the data parameter of the NetworkServlet endpoint, enabling a SQL injection via the SNMP management tool. Remote attackers can bypass authentication and exploit this to disclose data, ...

8.8CVSS7.8AI score0.00463EPSS