12 vulnerabilities found for iView by Advantech
CVE-2025-13373 (GCVE-0-2025-13373)
Vulnerability from nvd
Published
2025-12-04 22:50
Modified
2025-12-05 14:41
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T14:41:06.639585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:41:15.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "5.7.05.7057"
},
{
"status": "unaffected",
"version": "5.8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "m00nback reported this vulnerability to CISA."
}
],
"datePublic": "2025-12-04T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.\u003c/span\u003e"
}
],
"value": "Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T22:50:36.079Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-07.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183\"\u003eiView v5.8.1\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to iView v5.8.1: https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183"
}
],
"source": {
"advisory": "ICSA-25-338-07",
"discovery": "EXTERNAL"
},
"title": "Advantech iView SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13373",
"datePublished": "2025-12-04T22:50:36.079Z",
"dateReserved": "2025-11-18T18:48:07.936Z",
"dateUpdated": "2025-12-05T14:41:15.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50595 (GCVE-0-2022-50595)
Vulnerability from nvd
Published
2025-11-06 19:58
Modified
2025-11-15 23:59
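Severity
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function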
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
References
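| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_search_value-parameter-sql-injection-remote-code-execution-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-ztpsearchvalue-parameter-sqli-rce | third-party-advisory |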
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:32:39.463045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:33:36.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018ztp_search_value\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_search_value\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges.\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_search_value\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:59:59.400Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_search_value-parameter-sql-injection-remote-code-execution-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-ztpsearchvalue-parameter-sqli-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 ztp_search_value Parameter SQL Injection RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50595",
"datePublished": "2025-11-06T19:58:23.068Z",
"dateReserved": "2025-11-05T16:58:35.657Z",
"dateUpdated": "2025-11-15T23:59:59.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50594 (GCVE-0-2022-50594)
Vulnerability from nvd
Published
2025-11-06 19:57
Modified
2025-11-15 23:59
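Severity
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function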
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords.
References
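| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure | third-party-advisory |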
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:09:23.817460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:10:30.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018data\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018data\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018data\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:59:29.701Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50594",
"datePublished": "2025-11-06T19:57:00.425Z",
"dateReserved": "2025-11-05T16:58:35.657Z",
"dateUpdated": "2025-11-15T23:59:29.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50593 (GCVE-0-2022-50593)
Vulnerability from nvd
Published
2025-11-06 19:57
Modified
2025-11-15 23:59
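Severity
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function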
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
References
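| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-search_term-parameter-sql-injection-remote-code-execution-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-searchterm-parameter-sqli-rce | third-party-advisory |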
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:53:42.734371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:02:21.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018data\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018search_term\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges.\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018search_term\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:59:11.781Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-search_term-parameter-sql-injection-remote-code-execution-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-searchterm-parameter-sqli-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 search_term Parameter SQL Injection RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50593",
"datePublished": "2025-11-06T19:57:44.271Z",
"dateReserved": "2025-11-05T16:58:35.657Z",
"dateUpdated": "2025-11-15T23:59:11.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50592 (GCVE-0-2022-50592)
Vulnerability from nvd
Published
2025-11-06 19:57
Modified
2025-11-15 23:58
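Severity
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function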
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
References
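| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce | third-party-advisory |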
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:06:59.646737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:07:38.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018getInventoryReportData\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018getInventoryReportData\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018getInventoryReportData\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:58:49.386Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50592",
"datePublished": "2025-11-06T19:57:20.528Z",
"dateReserved": "2025-11-05T16:58:35.656Z",
"dateUpdated": "2025-11-15T23:58:49.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50591 (GCVE-0-2022-50591)
Vulnerability from nvd
Published
2025-11-06 19:58
Modified
2025-11-15 23:58
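Severity
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function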
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords.
References
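| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_config_id-parameter-sql-injection-information-disclosure-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-ztpconfigid-parameter-sqli-information-disclosure | third-party-advisory |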
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:36:05.770888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:36:15.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018ztp_config_id\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_config_id\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_config_id\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:58:29.068Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_config_id-parameter-sql-injection-information-disclosure-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-ztpconfigid-parameter-sqli-information-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50591",
"datePublished": "2025-11-06T19:58:06.223Z",
"dateReserved": "2025-11-05T16:58:35.656Z",
"dateUpdated": "2025-11-15T23:58:29.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13373 (GCVE-0-2025-13373)
Vulnerability from cvelistv5
Published
2025-12-04 22:50
Modified
2025-12-05 14:41
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T14:41:06.639585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:41:15.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "5.7.05.7057"
},
{
"status": "unaffected",
"version": "5.8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "m00nback reported this vulnerability to CISA."
}
],
"datePublic": "2025-12-04T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.\u003c/span\u003e"
}
],
"value": "Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T22:50:36.079Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-07.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183\"\u003eiView v5.8.1\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to iView v5.8.1 https://www.advantech.com/zh-tw/support/details/firmware ."
}
],
"source": {
"advisory": "ICSA-25-338-07",
"discovery": "EXTERNAL"
},
"title": "Advantech iView SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13373",
"datePublished": "2025-12-04T22:50:36.079Z",
"dateReserved": "2025-11-18T18:48:07.936Z",
"dateUpdated": "2025-12-05T14:41:15.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50595 (GCVE-0-2022-50595)
Vulnerability from cvelistv5
Published
2025-11-06 19:58
Modified
2025-11-15 23:59
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
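CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function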
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
References
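| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_search_value-parameter-sql-injection-remote-code-execution-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-ztpsearchvalue-parameter-sqli-rce | third-party-advisory |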
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:32:39.463045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:33:36.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018ztp_search_value\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_search_value\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges.\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_search_value\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:59:59.400Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_search_value-parameter-sql-injection-remote-code-execution-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-ztpsearchvalue-parameter-sqli-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 ztp_search_value Parameter SQL Injection RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50595",
"datePublished": "2025-11-06T19:58:23.068Z",
"dateReserved": "2025-11-05T16:58:35.657Z",
"dateUpdated": "2025-11-15T23:59:59.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50591 (GCVE-0-2022-50591)
Vulnerability from cvelistv5
Published
2025-11-06 19:58
Modified
2025-11-15 23:58
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
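CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function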
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords.
References
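| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_config_id-parameter-sql-injection-information-disclosure-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-ztpconfigid-parameter-sqli-information-disclosure | third-party-advisory |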
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:36:05.770888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:36:15.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018ztp_config_id\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_config_id\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018ztp_config_id\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:58:29.068Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_config_id-parameter-sql-injection-information-disclosure-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-ztpconfigid-parameter-sqli-information-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50591",
"datePublished": "2025-11-06T19:58:06.223Z",
"dateReserved": "2025-11-05T16:58:35.656Z",
"dateUpdated": "2025-11-15T23:58:29.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50593 (GCVE-0-2022-50593)
Vulnerability from cvelistv5
Published
2025-11-06 19:57
Modified
2025-11-15 23:59
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
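CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function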
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
References
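| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-search_term-parameter-sql-injection-remote-code-execution-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-searchterm-parameter-sqli-rce | third-party-advisory |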
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:53:42.734371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:02:21.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018data\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018search_term\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges.\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018search_term\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:59:11.781Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-search_term-parameter-sql-injection-remote-code-execution-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-searchterm-parameter-sqli-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 search_term Parameter SQL Injection RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50593",
"datePublished": "2025-11-06T19:57:44.271Z",
"dateReserved": "2025-11-05T16:58:35.657Z",
"dateUpdated": "2025-11-15T23:59:11.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50592 (GCVE-0-2022-50592)
Vulnerability from cvelistv5
Published
2025-11-06 19:57
Modified
2025-11-15 23:58
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
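CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function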
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
References
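| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce | third-party-advisory |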
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:06:59.646737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:07:38.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018getInventoryReportData\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018getInventoryReportData\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018getInventoryReportData\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for remote code execution with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:58:49.386Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50592",
"datePublished": "2025-11-06T19:57:20.528Z",
"dateReserved": "2025-11-05T16:58:35.656Z",
"dateUpdated": "2025-11-15T23:58:49.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50594 (GCVE-0-2022-50594)
Vulnerability from cvelistv5
Published
2025-11-06 19:57
Modified
2025-11-15 23:59
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
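CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306 - Missing Authentication for Critical Function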
Summary
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords.
References
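| URL | Tags |
|---|---|
| https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 | release-notes, patch |
| https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/ | technical-description |
| https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure | third-party-advisory |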
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:09:23.817460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:10:30.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"\u2018NetworkServlet\u2019 endpoint",
"\u2018data\u2019 parameter"
],
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.04 build 6425",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.04.6425",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech iView versions prior to v5.7.04 build 6425\u0026nbsp;contain a vulnerability \u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003ewithin the SNMP management tool\u0026nbsp;that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018data\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.\u003c/span\u003e"
}
],
"value": "Advantech iView versions prior to v5.7.04 build 6425\u00a0contain a vulnerability within the SNMP management tool\u00a0that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the \u2018data\u2019 parameter to the \u2018NetworkServlet\u2019 endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T23:59:29.701Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.advantech.tw/support/details/firmware?id=1-HIPU-183"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-01T17:00:00.000Z",
"value": "Exodus Intelligence publicly discloses technical details of vulnerability."
},
{
"lang": "en",
"time": "2022-01-27T17:00:00.000Z",
"value": "Advantech releases patched version - 5.7.04 build 6425."
}
],
"title": "Advantech iView \u003c v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50594",
"datePublished": "2025-11-06T19:57:00.425Z",
"dateReserved": "2025-11-05T16:58:35.657Z",
"dateUpdated": "2025-11-15T23:59:29.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}