Vulnerabilities related to advantech - iview
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-189/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-189/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files." }, { "lang": "es", "value": "Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables al salto de directorios, lo que puede permitir a un atacante leer archivos confidenciales" } ], "id": "CVE-2021-22656", "lastModified": "2024-11-21T05:50:25.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.190", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD1FCC11-FE17-4D31-933F-8C98D3D70366", "versionEndIncluding": "5.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.7 y anteriores. El producto afectado es susceptible a vulnerabilidades de salto de ruta que podr\u00edan permitir a un atacante crear y descargar archivos arbitrarios, limitar la disponibilidad del sistema y ejecutar c\u00f3digo remotamente" } ], "id": "CVE-2020-16245", "lastModified": "2024-11-21T05:07:00.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2020-08-25T19:15:12.563", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-867/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-867/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene una vulnerabilidad de control de acceso inadecuado. La explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir a un atacante obtener las credenciales de todas las cuentas de usuario" } ], "id": "CVE-2020-14499", "lastModified": "2024-11-21T05:03:24.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T03:15:50.513", "references": [ { "source": 
"ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFB283D2-9626-493E-AC5C-7B9B507AC546", "versionEndExcluding": "5.7.04.6752", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863." }, { "lang": "es", "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n mediante inyecci\u00f3n SQL en ConfigurationServlet de Advantech iView. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Advantech iView. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del servlet ConfigurationServlet, que escucha en el puerto TCP 8080 de manera predeterminada. Al analizar el elemento column_value, el proceso no valida correctamente una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esta vulnerabilidad para divulgar credenciales almacenadas, lo que conduce a una mayor vulnerabilidad. Era ZDI-CAN-17863." 
} ], "id": "CVE-2023-52335", "lastModified": "2025-01-09T16:05:53.673", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-11-22T20:15:07.927", "references": [ { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Release Notes" ], "url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183" }, { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-610/" } ], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, es vulnerable a vulnerabilidades de m\u00faltiples caminos que podr\u00edan permitir a un atacante crear/descargar archivos arbitrarios, limitar la disponibilidad del sistema y ejecutar c\u00f3digo de forma remota." } ], "id": "CVE-2020-14507", "lastModified": "2024-11-21T05:03:25.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-07-15T02:15:12.703", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution." }, { "lang": "es", "value": "El acceso a las versiones de Advantech iView anteriores a configuraci\u00f3n v5.7.03.6112 carece de autenticaci\u00f3n, lo que puede permitir a un atacante no autorizado cambiar la configuraci\u00f3n y obtener una ejecuci\u00f3n de c\u00f3digo" } ], "id": "CVE-2021-22652", "lastModified": "2024-11-21T05:50:23.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.003", "references": [ 
{ "source": "ics-cert@hq.dhs.gov", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "05210F63-F5C5-4783-A993-2E670F19B5F9", "versionEndExcluding": "5.7.03.6182", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)." }, { "lang": "es", "value": "El producto afectado es vulnerable a una inyecci\u00f3n SQL, que puede permitir a un atacante no autorizado divulgar informaci\u00f3n en el iView (versiones anteriores a v5.7.03.6182)" } ], "id": "CVE-2021-32932", "lastModified": "2024-11-21T06:07:57.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T17:15:11.057", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "US Government Resource" ], "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition." }, { "lang": "es", "value": "El producto afectado es vulnerable debido a la falta de autenticaci\u00f3n, lo que puede permitir a un atacante leer o modificar datos confidenciales y ejecutar c\u00f3digo arbitrario, resultando en una condici\u00f3n de denegaci\u00f3n de servicio" } ], "id": "CVE-2022-2138", "lastModified": "2024-11-21T07:00:24.470", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.293", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], 
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "05210F63-F5C5-4783-A993-2E670F19B5F9", "versionEndExcluding": "5.7.03.6182", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)." }, { "lang": "es", "value": "La configuraci\u00f3n del producto afectado es vulnerable debido a una falta de autenticaci\u00f3n, lo que puede permitir a un atacante cambiar la configuraci\u00f3n y ejecutar c\u00f3digo arbitrario en el iView (anterior a versi\u00f3n v5.7.03.6182)" } ], "id": "CVE-2021-32930", "lastModified": "2024-11-21T06:07:56.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2021-06-11T17:15:10.963", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-859/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-859/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene un problema de autenticaci\u00f3n inadecuada para la funci\u00f3n cr\u00edtica (CWE-306). El aprovechamiento satisfactorio de esta vulnerabilidad puede permitir a un atacante obtener la informaci\u00f3n de la tabla de usuarios, incluidas las credenciales de administrador en texto plano. Un atacante tambi\u00e9n puede eliminar la cuenta del administrador" } ], "id": "CVE-2020-14501", "lastModified": "2024-11-21T05:03:24.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T03:15:50.607", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ {
"description": [ { "lang": "en", "value": "CWE-306" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
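9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD primary score; the secondary score from ics-cert@hq.dhs.gov in the record below is 6.5 (Medium), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)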
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code." }, { "lang": "es", "value": "El producto afectado es vulnerable a un salto de directorio, que puede permitir a un atacante acceder a archivos no autorizados y ejecutar c\u00f3digo arbitrario" } ], "id": "CVE-2022-2139", "lastModified": "2024-11-21T07:00:24.583", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.350", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-23" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-191/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-191/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027." }, { "lang": "es", "value": "Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyecci\u00f3n SQL, lo que puede permitir a un atacante escalar los privilegios a \"Administrator\"" } ], "id": "CVE-2021-22658", "lastModified": "2024-11-21T05:50:25.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.270", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], 
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "El producto afectado es vulnerable a m\u00faltiples inyecciones SQL que pueden permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2135", "lastModified": "2024-11-21T07:00:24.077", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.117", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information" }, { "lang": "es", "value": "El producto afectado es vulnerable a dos inyecciones SQL que requieren altos privilegios para su explotaci\u00f3n y pueden permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2137", "lastModified": "2024-11-21T07:00:24.330", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.237", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-834/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-834/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene una vulnerabilidad de validaci\u00f3n de entrada inadecuada. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar remotamente c\u00f3digo arbitrario" } ], "id": "CVE-2020-14503", "lastModified": "2024-11-21T05:03:24.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T03:15:50.687", "references": [ { "source": 
"ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
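6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD primary score; the secondary score from ics-cert@hq.dhs.gov in the record below is 8.8 (High), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)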
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "El producto afectado es vulnerable a m\u00faltiples inyecciones SQL que requieren privilegios bajos para su explotaci\u00f3n y pueden permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2136", "lastModified": "2024-11-21T07:00:24.203", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.180", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL que son vulnerables al uso de una cadena controlada por el atacante en la construcci\u00f3n de consultas SQL. Un atacante podr\u00eda extraer las credenciales del usuario, leer o modificar la informaci\u00f3n y ejecutar el c\u00f3digo de forma remota" } ], "id": "CVE-2020-14497", "lastModified": "2024-11-21T05:03:23.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T02:15:12.547", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], 
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-20-831/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-831/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D96BE4-0CC3-4338-A58D-106561154DD6", "versionEndIncluding": "5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code." }, { "lang": "es", "value": "Advantech iView, versiones 5.6 y anteriores, tiene una neutralizaci\u00f3n inadecuada de los elementos especiales utilizados en una vulnerabilidad de comando (\"inyecci\u00f3n de comando\"). La explotaci\u00f3n satisfactoria de esta vulnerabilidad puede permitir a un atacante enviar una solicitud HTTP GET o POST que cree una cadena de comandos sin ninguna validaci\u00f3n. 
El atacante puede entonces ejecutar remotamente el c\u00f3digo" } ], "id": "CVE-2020-14505", "lastModified": "2024-11-21T05:03:24.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T02:15:12.627", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-77" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code." }, { "lang": "es", "value": "El producto afectado es vulnerable a dos instancias de inyecci\u00f3n de comandos, que pueden permitir a un atacante ejecutar remotamente c\u00f3digo arbitrario" } ], "id": "CVE-2022-2143", "lastModified": "2024-11-21T07:00:25.093", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.463", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" }, { "source": 
"ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2023-24 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2023-24 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "1856B3E0-0296-471D-828E-220B55F1E98D", "versionEndExcluding": "5.7.4.6752", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection." } ], "id": "CVE-2023-3983", "lastModified": "2024-11-21T08:18:28.207", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T19:15:18.243", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2023-24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2023-24" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
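5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD primary score; the record also carries a secondary score from ics-cert@hq.dhs.gov of 8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)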
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3EA62D-5DEE-46D5-BA3D-BD9F745F1191", "versionEndExcluding": "5.7.04.6469", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "El producto afectado es vulnerable a una inyecci\u00f3n SQL con alta complejidad de ataque, que puede permitir a un atacante no autorizado divulgar informaci\u00f3n" } ], "id": "CVE-2022-2142", "lastModified": "2024-11-21T07:00:24.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-22T15:15:08.407", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-188/ | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-21-190/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-188/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-190/ | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "68503DEC-626C-4DC5-BE88-127AE71BD3DA", "versionEndExcluding": "5.7.03.6112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information." }, { "lang": "es", "value": "Las versiones Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyecci\u00f3n SQL, lo que puede permitir a un atacante no autorizado revelar informaci\u00f3n" } ], "id": "CVE-2021-22654", "lastModified": "2024-11-21T05:50:24.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-11T18:15:17.113", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2022-32 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2022-32 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:advantech:iview:5.7.04.6469:*:*:*:*:*:*:*", "matchCriteriaId": "6E39B345-0A1D-4908-B715-8549878F73FF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Advantech iView versi\u00f3n 5.7.04.6469. La falla espec\u00edfica se presenta dentro del endpoint ConfigurationServlet, que escucha en el puerto TCP 8080 por defecto. Un atacante remoto no autenticado puede dise\u00f1ar un par\u00e1metro column_value especial en la acci\u00f3n setConfiguration para omitir las comprobaciones de com.imc.iview.utils.CUtils.checkSQLInjection() y llevar a cabo una inyecci\u00f3n SQL. 
Por ejemplo, el atacante puede explotar la vulnerabilidad para recuperar la contrase\u00f1a de administrador de iView" } ], "id": "CVE-2022-3323", "lastModified": "2024-11-21T07:19:17.760", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-27T23:15:15.867", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2022-32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2022-32" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2020-16245
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1085/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1089/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1092/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1086/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1091/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1087/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1088/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1090/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-1084/ | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: Versions 5.7 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.7 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:06:35", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-16245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.7 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, Versions 5.7 and prior. 
The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/", "refsource": "MISC", "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-1084/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16245", "datePublished": "2020-08-25T18:03:49", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:54.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22652
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC | |
http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:06.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-23T18:06:13", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22652", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Access 
to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22652", "datePublished": "2021-02-11T16:06:38", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:06.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32930
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions prior to v5.7.03.6182" } ] } ], "descriptions": [ { "lang": "en", "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T16:25:36", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_value": "versions prior to v5.7.03.6182" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32930", "datePublished": "2021-06-11T16:25:36", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14497
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "tags": [ 
"x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:49", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/" }, { 
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/", 
"refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/", "refsource": "MISC", "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-20-833/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14497", "datePublished": "2020-07-15T01:50:54", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2136
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
Advantech iView | iView |
Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:55", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2136", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2136", "datePublished": "2022-07-22T14:58:55.154822Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-16T23:40:35.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2135
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
Advantech iView | iView |
Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:45", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2135", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2135", "datePublished": "2022-07-22T14:58:45.454785Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-16T23:42:01.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14503
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-834/ | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.726Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "IMPROPER INPUT VALIDATION CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-20T19:06:15", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14503", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code."
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER INPUT VALIDATION CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14503", "datePublished": "2020-07-15T02:15:13", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.726Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32932
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions prior to v5.7.03.6182" } ] } ], "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T16:24:18", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32932", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_value": "versions prior to v5.7.03.6182" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)."
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32932", "datePublished": "2021-06-11T16:24:18", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:55.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2143
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC | |
http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-18T18:06:17", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2143", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "name": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2143", "datePublished": "2022-07-22T14:59:13.360646Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-16T19:36:30.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22658
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-191/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Version: iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:06.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-11T17:06:06", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22658", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22658", "datePublished": "2021-02-11T16:06:25", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:06.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2137
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:57:57", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2137", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2137", "datePublished": "2022-07-22T14:57:57.232721Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-17T00:30:56.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22654
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-190/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-188/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Version: iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:05.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-11T17:06:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22654", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22654", "datePublished": "2021-02-11T16:06:18", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:05.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3323
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2022-32 | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Version: Advantech iView 5.7.04.6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2022-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech iView 5.7.04.6469" } ] } ], "descriptions": [ { "lang": "en", "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-27T13:51:02", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2022-32" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2022-3323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Advantech iView 5.7.04.6469" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2022-32", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2022-32" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2022-3323", "datePublished": "2022-09-27T13:51:02", "dateReserved": "2022-09-26T00:00:00", "dateUpdated": "2024-08-03T01:07:06.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22656
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-189/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Version: iView versions prior to v5.7.03.6112 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:05.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "iView versions prior to v5.7.03.6112" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-11T17:06:06", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "iView versions prior to v5.7.03.6112" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22656", "datePublished": "2021-02-11T16:06:31", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:05.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14501
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-859/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:15", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14501", "datePublished": "2020-07-15T02:19:48", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2142
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
Advantech iView | iView | Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:59:30", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2142", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2142", "datePublished": "2022-07-22T14:59:30.208432Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-16T17:14:59.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14507
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-847/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-841/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-829/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-840/ | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | Advantech iView | Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-20T19:06:14", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14507", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14507", "datePublished": "2020-07-15T01:48:12", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3983
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: versions prior to v5.7.4 build 6752 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2023-24" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3983", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T15:32:37.120433Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T15:33:26.154Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions prior to v5.7.4 build 6752" } ] } ], "descriptions": [ { "lang": "en", "value": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://www.tenable.com/security/research/tra-2023-24" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-3983", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-27T00:00:00", "dateUpdated": "2024-10-22T15:33:26.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14505
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-831/ | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:33", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14505", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14505", "datePublished": "2020-07-15T01:59:33", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2138
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
Advantech iView | iView |
Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:18", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2138", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." } ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2138", "datePublished": "2022-07-22T14:58:18.441240Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-17T00:46:11.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52335
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-610/ | x_research-advisory | |
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:advantech:iview:5.7.04:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iview", "vendor": "advantech", "versions": [ { "status": "affected", "version": "5.7.04" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-52335", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T15:15:56.906074Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T19:32:34.015Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "iView", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "5.7.04" } ] } ], "dateAssigned": "2024-01-11T14:42:51.906-06:00", "datePublic": "2024-06-12T09:10:09.423-05:00", "descriptions": [ { "lang": "en", "value": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-22T20:05:15.175Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-610", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-610/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183" } ], "source": { "lang": "en", "value": "Anonymous" }, "title": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-52335", "datePublished": "2024-11-22T20:05:15.175Z", "dateReserved": "2024-01-11T20:39:58.816Z", "dateUpdated": "2024-12-05T19:32:34.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14499
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-867/ | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Advantech iView |
Version: Versions 5.6 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech iView", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 5.6 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "IMPROPER ACCESS CONTROL CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T17:06:10", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech iView", "version": { "version_data": [ { "version_value": "Versions 5.6 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. 
Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER ACCESS CONTROL CWE-284" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14499", "datePublished": "2020-07-15T02:11:10", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-08-04T12:46:34.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2139
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 | x_refsource_MISC |
Vendor | Product | Version | ||
---|---|---|---|---|
Advantech iView | iView |
Version: All < 5_7_04_6469 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iView", "vendor": "Advantech iView", "versions": [ { "lessThan": "5_7_04_6469", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "datePublic": "2022-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-22T14:58:03", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "solutions": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" }, "title": "Advantech iView", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-28T17:00:00.000Z", "ID": "CVE-2022-2139", "STATE": "PUBLIC", "TITLE": "Advantech iView" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iView", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "All", "version_value": "5_7_04_6469" } ] } } ] }, "vendor_name": "Advantech iView" } ] } }, "credit": [ { "lang": "eng", "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-23 Relative Path Traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ] }, "solution": [ { "lang": "en", "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities." 
} ], "source": { "advisory": "ICSA-22-179-03", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2139", "datePublished": "2022-07-22T14:58:03.033445Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-17T03:53:35.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202209-1749
Vulnerability from variot
An SQL injection vulnerability exists in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. iView, provided by Advantech, contains the following vulnerability: * SQL injection (CWE-89) - CVE-2022-3323. As of December 9, 2022, it has been confirmed that demonstration code for this vulnerability has been released. If the vulnerability is exploited, the product may be affected as follows: * Sensitive information of the product is stolen by a remote third party
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1749", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "lte", "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5_7_04_6469 and earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "cve": "CVE-2022-3323", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-3323", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-3323", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-3323", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-3323", 
"trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202209-2819", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. Advantech Provided by the company iView The following vulnerabilities exist in. It was * SQL injection (CWE-89) - CVE-2022-3323 It was 2022 Year 12 Moon 9 As of today, we have confirmed that the demonstration code for this vulnerability has been released.If the vulnerability is exploited, it may be affected as follows. 
It was * Sensitive information of the product is stolen by a remote third party", "sources": [ { "db": "NVD", "id": "CVE-2022-3323" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "VULHUB", "id": "VHN-430947" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-3323", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2022-32", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU92856810", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-342-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-002776", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.6439", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2819", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-430947", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "id": "VAR-202209-1749", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-430947" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:53:01.947000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "iView\u00a0-\u00a0Webserver\u00a0version", "trust": 0.8, "url": "https://www.advantech.com/en/support/details/firmware?id=1-HIPU-183" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.tenable.com/security/research/tra-2022-32" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92856810/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3323" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-01" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-3323/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6439" } ], "sources": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-430947" }, { "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "db": "NVD", "id": "CVE-2022-3323" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-27T00:00:00", "db": "VULHUB", "id": "VHN-430947" }, { "date": "2022-12-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "date": "2022-09-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2819" }, { 
"date": "2022-09-27T23:15:15.867000", "db": "NVD", "id": "CVE-2022-3323" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-29T00:00:00", "db": "VULHUB", "id": "VHN-430947" }, { "date": "2022-12-12T05:43:00", "db": "JVNDB", "id": "JVNDB-2022-002776" }, { "date": "2022-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2819" }, { "date": "2022-09-29T16:41:35.093000", "db": "NVD", "id": "CVE-2022-3323" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2819" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0 Made \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002776" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2819" } ], "trust": 0.6 } }
var-202206-2048
Vulnerability from variot
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Advantech Co., Ltd. iView contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. (The CVSS entries in the record below differ on this point: the 9.8 vectors attributed to ZDI and NVD use PR:N, while the 6.5 vectors attributed to ICS-CERT and ZDI use PR:L.) The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the filename element of the exportDeviceList action, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2048", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" } ], "trust": 1.4 }, "cve": "CVE-2022-2139", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2139", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2139", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2139", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2139", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2139", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2139", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2139", "trust": 1.0, 
"value": "CRITICAL" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2139", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-2139", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2022-2139", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202206-2728", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Advantech Co., Ltd. iView Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the filename element of the exportDeviceList action, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. 
Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2139", "trust": 5.5 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013713", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16783", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-933", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16702", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-932", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16701", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-931", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2728", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426273", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2139", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "id": "VAR-202206-2048", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": 
"VULHUB", "id": "VHN-426273" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.031000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201955" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "CWE-23", "trust": 1.0 }, { "problemtype": "Path traversal (CWE-22) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426273" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2139" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": 
"https://cxsecurity.com/cveshow/cve-2022-2139/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-933" }, { "db": "ZDI", "id": "ZDI-22-932" }, { "db": "ZDI", "id": "ZDI-22-931" }, { "db": "VULHUB", "id": "VHN-426273" }, { "db": "VULMON", "id": "CVE-2022-2139" }, { "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "db": "NVD", "id": "CVE-2022-2139" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-933" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-932" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-931" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426273" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "date": "2022-07-22T15:15:08.350000", "db": "NVD", "id": "CVE-2022-2139" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-933" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-932" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-931" }, { "date": "2022-07-29T00:00:00", "db": "VULHUB", 
"id": "VHN-426273" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013713" }, { "date": "2022-08-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2728" }, { "date": "2022-07-29T01:19:10.197000", "db": "NVD", "id": "CVE-2022-2139" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2728" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Past traversal vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013713" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2728" } ], "trust": 0.6 } }
var-202307-2113
Vulnerability from variot
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-2113", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.4.6752" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": 
"@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.7.4.6752", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "cve": "CVE-2023-3983", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2023-3983", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-3983", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. 
An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.", "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "TENABLE", "id": "TRA-2023-24", "trust": 1.0 }, { "db": "NVD", "id": "CVE-2023-3983", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "id": "VAR-202307-2113", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.40103188 }, "last_update_date": "2023-08-12T03:18:49.784000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://www.tenable.com/security/research/tra-2023-24" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2023-3983" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2023-07-31T19:15:00", "db": "NVD", "id": "CVE-2023-3983" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-04T17:03:00", "db": "NVD", "id": "CVE-2023-3983" } ] } }
var-202102-0634
Vulnerability from variot
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView contains a missing-authentication-for-critical-function vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Advantech iView is an equipment management application for the energy, water and wastewater industries.
Advantech iView versions prior to 5.7.03.6112 have a missing-authentication-for-critical-function vulnerability. There is a security vulnerability in Advantech iView; no further information about it is available at present. Watch CNNVD or manufacturer announcements for updates.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0634", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" }, { "model": 
"iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spencer McIntyre", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-813" } ], "trust": 0.6 }, "cve": "CVE-2021-22652", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22652", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-11077", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 
0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-381089", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22652", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22652", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22652", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2021-22652", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2021-11077", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-813", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-381089", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-22652", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" 
}, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech iView is an equipment management application for the energy, water and wastewater industries. \n\r\n\r\nAdvantech iView versions prior to 5.7.03.6112 have a key feature lack of certification vulnerability. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-381089", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381089" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22652", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.2 }, { "db": "PACKETSTORM", "id": "161937", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003754", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-11077", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-813", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381089", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-22652", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "id": "VAR-202102-0634", "iot": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" } ] }, "last_update_date": "2024-11-23T21:58:48.685000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "top page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Patch for Key features of Advantech iView lack certification vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/248551" }, { "title": "Advantech Iview Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142090" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.1 }, { "problemtype": "Lack of authentication for important features (CWE-306) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381089" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "NVD", "id": "CVE-2021-22652" } ] 
}, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 3.3, "url": "http://packetstormsecurity.com/files/161937/advantech-iview-unauthenticated-remote-code-execution.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22652" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/306.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-11077" }, { "db": "VULHUB", "id": "VHN-381089" }, { "db": "VULMON", "id": "CVE-2021-22652" }, { "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "db": "CNNVD", "id": "CNNVD-202102-813" }, { "db": "NVD", "id": "CVE-2021-22652" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2021-11077" }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381089" }, { "date": "2021-02-11T00:00:00", "db": "VULMON", "id": "CVE-2021-22652" }, { "date": "2021-11-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-813" }, { 
"date": "2021-02-11T18:15:17.003000", "db": "NVD", "id": "CVE-2021-22652" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2021-11077" }, { "date": "2021-03-26T00:00:00", "db": "VULHUB", "id": "VHN-381089" }, { "date": "2021-03-26T00:00:00", "db": "VULMON", "id": "CVE-2021-22652" }, { "date": "2021-11-04T06:05:00", "db": "JVNDB", "id": "JVNDB-2021-003754" }, { "date": "2021-03-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-813" }, { "date": "2024-11-21T05:50:23.640000", "db": "NVD", "id": "CVE-2021-22652" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-813" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0iView\u00a0 Vulnerability regarding lack of authentication for critical features in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003754" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-813" } ], "trust": 0.6 } }
var-202106-1187
Vulnerability from variot
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. The following multiple vulnerabilities exist in iView: * Lack of authentication for important features (CWE-306) - CVE-2021-32930 * SQL injection (CWE-89) - CVE-2021-32932. The expected impact depends on each vulnerability, but may be as follows: * A remote third party could change the system configuration or execute arbitrary code - CVE-2021-32930 * Information in the system could be stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNextTrapPage action of NetworkServlet, which listens on TCP port 8080 by default. When parsing the search_description element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of the service account. Pillow is a Python-based image processing library. (Note: the sentence about Pillow does not describe iView and appears to have been carried over from an unrelated source entry.) There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1187", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 5.6, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.03.6182" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "lt", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6182 earlier s" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Selim Enes Karaduman (@Enesdex)", "sources": [ { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" } ], "trust": 4.2 }, "cve": "CVE-2021-32932", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 
5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-32932", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-392918", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32932", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 5.6, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32932", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "High", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001742", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", 
"version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32932", "trust": 5.6, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32932", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001742", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-250", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392918", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). Advantech Provided by iView Is SNMP Base device management software. iView The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-32930 \u2025 * SQL injection (CWE-89) - CVE-2021-32932The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party could change the system configuration or execute arbitrary code. - CVE-2021-32930 \u2025 * Information in the system is stolen by a remote third party - CVE-2021-32932. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the getNextTrapPage action of NetworkServlet, which listens on TCP port 8080 by default. When parsing the search_description element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of the service account. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-32932" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392918" } ], "trust": 7.29 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-32932", "trust": 8.1 }, { "db": "ICS CERT", "id": "ICSA-21-154-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-21-656", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU92160646", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001742", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13141", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13137", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-655", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11846", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-654", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11838", "trust": 0.7 }, { "db": "ZDI", "id": 
"ZDI-21-653", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11837", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-652", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11836", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-651", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11834", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-650", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11833", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-649", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202106-250", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060407", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1970", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392918", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "id": "VAR-202106-1187", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392918" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:13:32.358000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 5.6, 
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "title": "Support\u00a0\u0026\u00a0Download", "trust": 0.8, "url": "https://www.advantech.com/support/details/firmware?id=1-HIPU-183" }, { "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152916" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202106-250" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "Lack of authentication for important features (CWE-306) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": "SQL injection (CWE-89) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 8.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu92160646" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060407" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-656/" }, { "trust": 
0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1970" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-656" }, { "db": "ZDI", "id": "ZDI-21-655" }, { "db": "ZDI", "id": "ZDI-21-654" }, { "db": "ZDI", "id": "ZDI-21-653" }, { "db": "ZDI", "id": "ZDI-21-652" }, { "db": "ZDI", "id": "ZDI-21-651" }, { "db": "ZDI", "id": "ZDI-21-650" }, { "db": "ZDI", "id": "ZDI-21-649" }, { "db": "VULHUB", "id": "VHN-392918" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-250" }, { "db": "NVD", "id": "CVE-2021-32932" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-656" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-655" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-654" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-653" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-652" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-651" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-650" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-649" }, { "date": "2021-06-11T00:00:00", "db": "VULHUB", "id": 
"VHN-392918" }, { "date": "2021-06-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-250" }, { "date": "2021-06-11T17:15:11.057000", "db": "NVD", "id": "CVE-2021-32932" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-656" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-655" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-654" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-653" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-652" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-651" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-650" }, { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-649" }, { "date": "2021-06-21T00:00:00", "db": "VULHUB", "id": "VHN-392918" }, { "date": "2021-06-07T03:01:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-250" }, { "date": "2021-06-21T22:37:53.433000", "db": "NVD", "id": "CVE-2021-32932" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0 Made \u00a0iView\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001742" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], 
"trust": 0.6 } }
var-202007-0401
Vulnerability from variot
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView is vulnerable to path traversal. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech iView is a device management application provided by Advantech.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": null, "trust": 2.8, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008395" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" } ], "trust": 2.8 }, "cve": "CVE-2020-14507", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14507", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": 
"JVNDB-2020-008395", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-54158", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167392", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14507", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14507", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14507", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008395", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-14507", "trust": 1.4, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-14507", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2020-14507", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-008395", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-54158", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-965", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167392", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, is vulnerable to 
multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView Is vulnerable to past traversal.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech iView is a device management application provided by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2020-14507" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" } ], "trust": 4.77 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14507", "trust": 5.9 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-829", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-840", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-841", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-847", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008395", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10636", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10622", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10623", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10630", "trust": 0.7 }, { "db": "CNVD", "id": 
"CNVD-2020-54158", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-965", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47232", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167392", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "id": "VAR-202007-0401", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-54158" } ] }, "last_update_date": "2024-11-23T21:35:35.364000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Patch for Advantech iView path traversal vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/235642" }, { "title": "Advantech iView Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124491" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 
1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 2.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-841/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14507" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-829/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-840/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-847/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14507" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47232" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-829" }, { "db": "ZDI", "id": "ZDI-20-840" }, { "db": "ZDI", "id": "ZDI-20-841" }, { "db": "ZDI", "id": "ZDI-20-847" }, { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "VULHUB", "id": "VHN-167392" }, { "db": "JVNDB", "id": "JVNDB-2020-008395" }, { "db": "CNNVD", "id": "CNNVD-202007-965" }, { "db": "NVD", "id": "CVE-2020-14507" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-829", "ident": null }, { "db": "ZDI", "id": "ZDI-20-840", "ident": null }, { "db": "ZDI", "id": "ZDI-20-841", "ident": null }, { "db": "ZDI", "id": "ZDI-20-847", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-54158", "ident": null }, { "db": "VULHUB", "id": "VHN-167392", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-008395", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202007-965", "ident": null }, { "db": "NVD", "id": "CVE-2020-14507", "ident": null } ] }, 
"sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-829", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-840", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-841", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-847", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54158", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167392", "ident": null }, { "date": "2020-09-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008395", "ident": null }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-965", "ident": null }, { "date": "2020-07-15T02:15:12.703000", "db": "NVD", "id": "CVE-2020-14507", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-829", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-840", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-841", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-847", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54158", "ident": null }, { "date": "2020-07-21T00:00:00", "db": "VULHUB", "id": "VHN-167392", "ident": null }, { "date": "2020-09-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008395", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-965", "ident": null }, { "date": "2024-11-21T05:03:25.207000", "db": "NVD", "id": "CVE-2020-14507", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-965" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView path traversal vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-54158" }, { "db": "CNNVD", "id": "CNNVD-202007-965" } ], "trust": 1.2 }, 
"type": { "_id": null, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-965" } ], "trust": 0.6 } }
var-202102-0522
Vulnerability from variot
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Advantech iView contains a path traversal vulnerability; information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommandServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView. No further information about it is available at present; monitor CNNVD or manufacturer announcements for updates.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-21-189" } ], "trust": 0.7 }, "cve": "CVE-2021-22656", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22656", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-13241", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, 
"id": "VHN-381093", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22656", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22656", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22656", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22656", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-22656", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-13241", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-815", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": 
"VHN-381093", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "description": { "_id": null, "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Advantech iView Contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the CommandServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22656" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22656", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-189", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003418", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12096", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-13241", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-815", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381093", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "id": "VAR-202102-0522", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-13241" } ] }, "last_update_date": "2024-11-23T21:58:48.794000Z", "patch": { "_id": null, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, 
{ "title": "Patch for Advantech iView path traversal vulnerability (CNVD-2021-13241)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249606" }, { "title": "Advantech Iview Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142092" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "Path traversal (CWE-22) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-189/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22656" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-189" }, { "db": "CNVD", "id": "CNVD-2021-13241" }, { "db": "VULHUB", "id": "VHN-381093" }, { "db": "JVNDB", "id": "JVNDB-2021-003418" }, { "db": "CNNVD", "id": "CNNVD-202102-815" }, { "db": "NVD", "id": "CVE-2021-22656" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-189", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-13241", "ident": null }, { "db": "VULHUB", "id": "VHN-381093", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-003418", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-815", "ident": null }, { "db": "NVD", "id": "CVE-2021-22656", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": 
"ZDI-21-189", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13241", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381093", "ident": null }, { "date": "2021-10-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003418", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-815", "ident": null }, { "date": "2021-02-11T18:15:17.190000", "db": "NVD", "id": "CVE-2021-22656", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-189", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13241", "ident": null }, { "date": "2021-02-12T00:00:00", "db": "VULHUB", "id": "VHN-381093", "ident": null }, { "date": "2021-10-26T08:49:00", "db": "JVNDB", "id": "JVNDB-2021-003418", "ident": null }, { "date": "2021-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-815", "ident": null }, { "date": "2024-11-21T05:50:25", "db": "NVD", "id": "CVE-2021-22656", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-815" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech\u00a0iView\u00a0 Traversal Vulnerability in Japan", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003418" } ], "trust": 0.8 }, "type": { "_id": null, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-815" } ], "trust": 0.6 } }
var-202102-0523
Vulnerability from variot
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Advantech iView has an SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView. No further information about it is available at present; monitor CNNVD or manufacturer announcements for updates.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-191" } ], "trust": 0.7 }, "cve": "CVE-2021-22658", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22658", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-13242", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 
10.0, "id": "VHN-381095", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22658", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22658", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2021-22658", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22658", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2021-22658", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2021-22658", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-13242", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-805", "trust": 0.6, "value": "CRITICAL" }, { "author": 
"VULHUB", "id": "VHN-381095", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "description": { "_id": null, "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22658" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22658", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-191", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003419", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12344", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-13242", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-805", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381095", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "id": "VAR-202102-0523", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-13242" } ] }, "last_update_date": "2024-11-23T21:58:48.758000Z", "patch": { "_id": null, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, 
{ "title": "Patch for Advantech iView SQL injection vulnerability (CNVD-2021-13242)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249611" }, { "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142089" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-191/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22658" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-191" }, { "db": "CNVD", "id": "CNVD-2021-13242" }, { "db": "VULHUB", "id": "VHN-381095" }, { "db": "JVNDB", "id": "JVNDB-2021-003419" }, { "db": "CNNVD", "id": "CNNVD-202102-805" }, { "db": "NVD", "id": "CVE-2021-22658" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-191", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-13242", "ident": null }, { "db": "VULHUB", "id": "VHN-381095", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-003419", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-805", "ident": null }, { "db": "NVD", "id": "CVE-2021-22658", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": 
"ZDI-21-191", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13242", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381095", "ident": null }, { "date": "2021-10-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003419", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-805", "ident": null }, { "date": "2021-02-11T18:15:17.270000", "db": "NVD", "id": "CVE-2021-22658", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-191", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13242", "ident": null }, { "date": "2021-02-12T00:00:00", "db": "VULHUB", "id": "VHN-381095", "ident": null }, { "date": "2021-10-26T08:49:00", "db": "JVNDB", "id": "JVNDB-2021-003419", "ident": null }, { "date": "2021-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-805", "ident": null }, { "date": "2024-11-21T05:50:25.247000", "db": "NVD", "id": "CVE-2021-22658", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-805" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech\u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003419" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-805" } ], "trust": 0.6 } }
var-202102-0521
Vulnerability from variot
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Advantech iView contains a SQL injection vulnerability. Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView, and no further information about it is available at present; please watch for CNNVD or manufacturer announcements.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "5.7.03.6112" }, { "_id": null, "model": "iview", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6112" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-190" } ], "trust": 0.7 }, "cve": "CVE-2021-22654", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22654", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-13243", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 10.0, "id": "VHN-381091", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22654", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22654", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22654", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-22654", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-22654", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22654", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-13243", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-814", "trust": 0.6, "value": "HIGH" }, { 
"author": "VULHUB", "id": "VHN-381091", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "description": { "_id": null, "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Advantech iView Has SQL An injection vulnerability exists.Information may be obtained. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time", "sources": [ { "db": "NVD", "id": "CVE-2021-22654" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22654", "trust": 4.5 }, { "db": "ZDI", "id": "ZDI-21-190", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-188", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-040-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU97517721", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003417", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12343", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12095", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-13243", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0469", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-814", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381091", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "id": "VAR-202102-0521", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-13243" } ] }, "last_update_date": "2024-11-23T21:58:48.720000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct 
this vulnerability.", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech iView SQL injection vulnerability (CNVD-2021-13243)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/249616" }, { "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142091" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "references": { "_id": null, "data": [ { "trust": 5.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02" }, { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-190/" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-188/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22654" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97517721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0469" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-190" }, { "db": "ZDI", "id": "ZDI-21-188" }, { "db": "CNVD", "id": "CNVD-2021-13243" }, { "db": "VULHUB", "id": "VHN-381091" }, { "db": "JVNDB", "id": "JVNDB-2021-003417" }, { "db": "CNNVD", "id": "CNNVD-202102-814" }, { "db": "NVD", "id": "CVE-2021-22654" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-190", "ident": null }, { "db": "ZDI", "id": "ZDI-21-188", "ident": null }, { 
"db": "CNVD", "id": "CNVD-2021-13243", "ident": null }, { "db": "VULHUB", "id": "VHN-381091", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-003417", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-814", "ident": null }, { "db": "NVD", "id": "CVE-2021-22654", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-190", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-188", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13243", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "VULHUB", "id": "VHN-381091", "ident": null }, { "date": "2021-10-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003417", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-814", "ident": null }, { "date": "2021-02-11T18:15:17.113000", "db": "NVD", "id": "CVE-2021-22654", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-190", "ident": null }, { "date": "2021-02-11T00:00:00", "db": "ZDI", "id": "ZDI-21-188", "ident": null }, { "date": "2021-02-27T00:00:00", "db": "CNVD", "id": "CNVD-2021-13243", "ident": null }, { "date": "2021-02-12T00:00:00", "db": "VULHUB", "id": "VHN-381091", "ident": null }, { "date": "2021-10-26T08:49:00", "db": "JVNDB", "id": "JVNDB-2021-003417", "ident": null }, { "date": "2021-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-814", "ident": null }, { "date": "2024-11-21T05:50:24.770000", "db": "NVD", "id": "CVE-2021-22654", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-814" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech\u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003417" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ 
{ "db": "CNNVD", "id": "CNNVD-202102-814" } ], "trust": 0.6 } }
var-202206-2046
Vulnerability from variot
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. This description is aggregated from several source databases, which is presumably why it states two different impacts: the record below carries a 5.9 score from nvd@nist.gov (C:H/I:N/A:N) alongside an 8.1 score from ics-cert@hq.dhs.gov and ZDI (C:H/I:H/A:H), and lists iView versions before 5.7.04.6469 as affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2046", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" }, { "model": "iview", "scope": null, "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-934" } ], "trust": 0.7 }, "cve": "CVE-2022-2142", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-2142", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": 
"ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-2142", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2142", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-2142", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-2142", "trust": 1.0, "value": "MEDIUM" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2142", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2142", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2022-2142", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202206-2731", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "description": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2142", "trust": 4.1 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013712", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16607", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-934", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2731", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426276", "trust": 0.1 }, { "db": "VULMON", "id": 
"CVE-2022-2142", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "id": "VAR-202206-2046", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426276" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.115000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201808" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426276" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ 
{ "trust": 3.3, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2142" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2142/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-934" }, { "db": "VULHUB", "id": "VHN-426276" }, { "db": "VULMON", "id": "CVE-2022-2142" }, { "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "db": "NVD", "id": "CVE-2022-2142" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-934" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426276" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "date": "2022-07-22T15:15:08.407000", "db": "NVD", "id": "CVE-2022-2142" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-934" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426276" 
}, { "date": "2023-09-11T08:17:00", "db": "JVNDB", "id": "JVNDB-2022-013712" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2731" }, { "date": "2022-07-28T20:13:12.980000", "db": "NVD", "id": "CVE-2022-2142" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2731" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013712" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2731" } ], "trust": 0.6 } }
var-202205-1116
Vulnerability from variot
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the device_get_community and device_set_community elements of the addDeviceTreeItem action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Note that the CVSS vectors in the record below rate this PR:H, while the text above says the authentication mechanism can be bypassed, so the privilege requirement should not be relied on as a mitigation by itself; the record lists iView versions before 5.7.04.6469 as affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1116", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" } ], "trust": 1.4 }, "cve": "CVE-2022-2137", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2022-2137", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": 
"LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2022-2137", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2137", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2137", "trust": 1.4, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2137", "trust": 1.0, "value": "MEDIUM" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2137", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-2137", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202206-2717", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. 
iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the device_get_community and device_set_community elements of the addDeviceTreeItem action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM", "sources": [ { "db": "NVD", "id": "CVE-2022-2137" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2137", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013715", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16746", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-927", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16745", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-926", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2717", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426271", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2137", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": 
"ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" }, { "db": "VULMON", "id": "CVE-2022-2137" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "id": "VAR-202205-1116", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426271" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.076000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201806" }, { "title": "", "trust": 0.1, "url": "https://github.com/ExpLangcn/FuYao-Go " } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULMON", "id": "CVE-2022-2137" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426271" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.9, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2137" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2137/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" }, { "db": "VULHUB", "id": "VHN-426271" }, { "db": "VULMON", "id": "CVE-2022-2137" }, { "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "db": "NVD", "id": "CVE-2022-2137" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-927" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-926" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426271" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "date": "2022-07-22T15:15:08.237000", "db": "NVD", "id": "CVE-2022-2137" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-927" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-926" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426271" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013715" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2717" }, { "date": "2022-07-28T20:10:50.920000", "db": "NVD", "id": "CVE-2022-2137" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2717" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-927" }, { "db": "ZDI", "id": "ZDI-22-926" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2717" } ], "trust": 0.6 } }
var-202008-0373
Vulnerability from variot
Advantech iView, versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. iView is SNMP-based device management software provided by Advantech. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportTaskMgrReport method of the DeviceTreeTable class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. The vulnerability stems from the failure of Advantech iView to properly filter resources or special elements in file paths.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": null, "trust": 6.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.7" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "upgrade 5.7.02" }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.7" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007819" } ] }, "credits": { "_id": null, "data": "KPC", "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" } ], "trust": 6.3 }, "cve": "CVE-2020-16245", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-16245", 
"impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CNVD-2020-49617", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-169304", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.2, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007819", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-16245", "impactScore": 5.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-16245", "trust": 4.9, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2020-16245", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-16245", "trust": 1.0, "value": "CRITICAL" }, { "author": "IPA", "id": "JVNDB-2020-007819", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-49617", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202008-1197", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-169304", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", 
"id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "description": { "_id": null, "data": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. iView Is Advantech Provided by the company SNMP Base device management software. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the exportTaskMgrReport method of the DeviceTreeTable class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. 
The vulnerability stems from the failure of Advantech iView to properly filter resources or special elements in file paths", "sources": [ { "db": "NVD", "id": "CVE-2020-16245" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" } ], "trust": 7.92 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-16245", "trust": 9.4 }, { "db": "ICS CERT", "id": "ICSA-20-238-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-1084", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1086", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1085", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1088", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1090", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1087", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1089", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1092", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-1091", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU93037867", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-007819", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10976", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10989", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10988", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10991", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10993", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10990", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10992", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10995", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10994", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-49617", "trust": 0.7 }, { "db": 
"CNNVD", "id": "CNNVD-202008-1197", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2915", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48440", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-169304", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": "ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "id": "VAR-202008-0373", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-49617" } ] }, "last_update_date": "2024-11-23T23:11:18.802000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 6.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "title": "iView Upgrade 5.7.02", "trust": 0.8, "url": "https://www.advantech.tw/support/details/faq?id=1-HIPU-181" }, { "title": "Patch for Advantech iView path traversal vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/232402" }, { "title": "Advantech iView Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126842" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": 
"ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "references": { "_id": null, "data": [ { "trust": 9.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1084/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1085/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1086/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1087/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1088/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1089/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1090/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1091/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1092/" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16245" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16245" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93037867/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2915/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48440" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1084" }, { "db": "ZDI", "id": "ZDI-20-1086" }, { "db": "ZDI", "id": "ZDI-20-1085" }, { "db": "ZDI", "id": "ZDI-20-1088" }, { "db": "ZDI", "id": "ZDI-20-1090" }, { "db": 
"ZDI", "id": "ZDI-20-1087" }, { "db": "ZDI", "id": "ZDI-20-1089" }, { "db": "ZDI", "id": "ZDI-20-1092" }, { "db": "ZDI", "id": "ZDI-20-1091" }, { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "VULHUB", "id": "VHN-169304" }, { "db": "JVNDB", "id": "JVNDB-2020-007819" }, { "db": "CNNVD", "id": "CNNVD-202008-1197" }, { "db": "NVD", "id": "CVE-2020-16245" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-1084", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1086", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1085", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1088", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1090", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1087", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1089", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1092", "ident": null }, { "db": "ZDI", "id": "ZDI-20-1091", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-49617", "ident": null }, { "db": "VULHUB", "id": "VHN-169304", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-007819", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202008-1197", "ident": null }, { "db": "NVD", "id": "CVE-2020-16245", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1084", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1086", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1085", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1088", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1090", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1087", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1089", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1092", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1091", "ident": null }, { "date": 
"2020-08-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-49617", "ident": null }, { "date": "2020-08-25T00:00:00", "db": "VULHUB", "id": "VHN-169304", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007819", "ident": null }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1197", "ident": null }, { "date": "2020-08-25T19:15:12.563000", "db": "NVD", "id": "CVE-2020-16245", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1084", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1086", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1085", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1088", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1090", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1087", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1089", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1092", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "ZDI", "id": "ZDI-20-1091", "ident": null }, { "date": "2020-08-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-49617", "ident": null }, { "date": "2020-08-31T00:00:00", "db": "VULHUB", "id": "VHN-169304", "ident": null }, { "date": "2020-08-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007819", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1197", "ident": null }, { "date": "2024-11-21T05:07:00.960000", "db": "NVD", "id": "CVE-2020-16245", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1197" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView path traversal vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-49617" }, { "db": "CNNVD", "id": 
"CNNVD-202008-1197" } ], "trust": 1.2 }, "type": { "_id": null, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1197" } ], "trust": 0.6 } }
var-202206-1670
Vulnerability from variot
This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the UserName element of the set_useraccount action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The remaining text appears to come from a separate Debian advisory for Chromium that this aggregated record attaches to the same CVE identifier; it does not describe Advantech iView. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.53-1~deb11u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: security-tracker.debian.org/tracker/chromium
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1670", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ], "trust": 0.7 }, "cve": "CVE-2022-2156", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2156", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2156", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the UserName element of the set_useraccount action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. 
Multiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure. \nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.53-1~deb11u1. \nWe recommend that you upgrade your chromium packages. \nFor the detailed security status of chromium please refer to\nits security tracker page at:\nsecurity-tracker.debian.org/tracker/chromium", "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" } ], "trust": 0.72 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2156", "trust": 1.4 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16773", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-937", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.3056", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3066", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2145", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-2156", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, { "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "id": "VAR-202206-1670", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.40103188 }, "last_update_date": "2022-07-05T22:20:22.607000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this 
vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Google Chrome Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197132" }, { "title": "Debian Security Advisories: DSA-5168-1 chromium -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1df55fca5bc84b333e3feb3ff9ec9e70" }, { "title": "Google Chrome: Stable Channel Update for Desktop", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=chrome_releases\u0026qid=f4139027edd7716be086c3c70b2fd7d6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, { "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/chrome-multiple-vulnerabilities-38642" }, { "trust": 0.6, "url": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-2156" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3066" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3056" }, { "trust": 0.1, "url": "https://www.debian.org/security/2022/dsa-5168" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, { "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULMON", "id": "CVE-2022-2156" }, 
{ "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-06-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-06-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2145" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView set_useraccount UserName SQL Injection Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-937" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2145" } ], "trust": 0.6 } }
var-202206-2047
Vulnerability from variot
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. An unspecified vulnerability exists in Advantech Co., Ltd. iView. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The record below lists iView versions before 5.7.04.6469 as affected and references CISA advisory ICSA-22-179-03 for the vendor update. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2047", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-936" } ], "trust": 0.7 }, "cve": "CVE-2022-2143", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2143", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2143", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2143", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2143", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2143", "trust": 1.0, "value": "CRITICAL" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2143", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2022-2143", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202206-2735", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Advantech Co., Ltd. 
iView Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" } ], "trust": 3.06 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-426277", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-426277" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2143", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "168108", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013711", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16685", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-936", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16528", "trust": 0.7 }, { "db": "ZDI", 
"id": "ZDI-22-935", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2735", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426277", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2143", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "id": "VAR-202206-2047", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426277" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.295000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=197831" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.1 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD 
evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426277" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.0, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 3.1, "url": "http://packetstormsecurity.com/files/168108/advantech-iview-networkservlet-command-injection.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2143" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2143/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-936" }, { "db": "ZDI", "id": "ZDI-22-935" }, { "db": "VULHUB", "id": "VHN-426277" }, { "db": "VULMON", "id": "CVE-2022-2143" }, { "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "db": "NVD", "id": "CVE-2022-2143" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", 
"id": "ZDI-22-936" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-935" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426277" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "date": "2022-07-22T15:15:08.463000", "db": "NVD", "id": "CVE-2022-2143" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-936" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-935" }, { "date": "2022-10-26T00:00:00", "db": "VULHUB", "id": "VHN-426277" }, { "date": "2023-09-11T08:17:00", "db": "JVNDB", "id": "JVNDB-2022-013711" }, { "date": "2023-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2735" }, { "date": "2023-07-24T13:08:23.047000", "db": "NVD", "id": "CVE-2022-2143" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2735" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013711" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2735" } ], "trust": 0.6 } }
var-202206-2049
Vulnerability from variot
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Advantech Co., Ltd. iView has a vulnerability involving a lack of authentication for critical features. Service operation may be interrupted (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to the clearDatabase functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. The record below lists iView versions before 5.7.04.6469 as affected and references CISA advisory ICSA-22-179-03 for the vendor update. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2049", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" } ], "trust": 1.4 }, "cve": "CVE-2022-2138", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-2138", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-2138", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-2138", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-2138", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2138", "trust": 2.1, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2138", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2138", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2138", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202206-2724", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", 
"id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Advantech Co., Ltd. iView There is a vulnerability in the lack of authentication for critical features.Service operation interruption (DoS) It may be in a state. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to the clearDatabase functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. 
Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2138", "trust": 5.5 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013714", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16774", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-930", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16776", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-929", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16688", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-928", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2724", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426272", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2138", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "id": "VAR-202206-2049", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": 
"VULHUB", "id": "VHN-426272" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.150000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "title": "Advantech iView Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201807" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.1 }, { "problemtype": "Lack of authentication for critical features (CWE-306) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426272" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2138" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2138/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-930" }, { "db": "ZDI", "id": "ZDI-22-929" }, { "db": "ZDI", "id": "ZDI-22-928" }, { "db": "VULHUB", "id": "VHN-426272" }, { "db": "VULMON", "id": "CVE-2022-2138" }, { "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "db": "NVD", "id": "CVE-2022-2138" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-930" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-929" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-928" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426272" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "date": "2022-07-22T15:15:08.293000", "db": "NVD", "id": "CVE-2022-2138" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-930" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-929" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-928" }, { "date": "2022-07-28T00:00:00", "db": 
"VULHUB", "id": "VHN-426272" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013714" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2724" }, { "date": "2022-07-28T20:12:50.197000", "db": "NVD", "id": "CVE-2022-2138" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2724" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Vulnerability regarding lack of authentication for critical features in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013714" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2724" } ], "trust": 0.6 } }
var-202007-0399
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. The product may also be put into a denial-of-service (DoS) state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of user-supplied data prior to further processing. Advantech iView is a device management application provided by Advantech.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007697" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-834" } ], "trust": 0.7 }, "cve": "CVE-2020-14503", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14503", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-007697", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, 
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-54157", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167388", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14503", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007697", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, 
"id": "CVE-2020-14503", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14503", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-007697", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-14503", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-54157", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-958", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167388", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. (DoS) It may be put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of user-supplied data prior to further processing. 
Advantech iView is a device management application provided by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2020-14503" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14503", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-834", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-007697", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10646", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-54157", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-958", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47219", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167388", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "id": "VAR-202007-0399", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-54157" } ] }, "last_update_date": "2024-11-23T21:35:34.664000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView input verification vulnerability 
(CVE-2020-14503)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/235648" }, { "title": "Advantech iView Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124488" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14503" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-834/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14503" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47219" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-834" }, { "db": "CNVD", "id": "CNVD-2020-54157" }, { "db": "VULHUB", "id": "VHN-167388" }, { "db": "JVNDB", "id": "JVNDB-2020-007697" }, { "db": "CNNVD", "id": "CNNVD-202007-958" }, { "db": "NVD", "id": "CVE-2020-14503" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-834", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-54157", "ident": null }, { "db": "VULHUB", "id": "VHN-167388", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-007697", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202007-958", "ident": null }, { "db": "NVD", "id": "CVE-2020-14503", "ident": null } ] }, 
"sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-834", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54157", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167388", "ident": null }, { "date": "2020-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007697", "ident": null }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-958", "ident": null }, { "date": "2020-07-15T03:15:50.687000", "db": "NVD", "id": "CVE-2020-14503", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-834", "ident": null }, { "date": "2020-09-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-54157", "ident": null }, { "date": "2020-07-23T00:00:00", "db": "VULHUB", "id": "VHN-167388", "ident": null }, { "date": "2020-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007697", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-958", "ident": null }, { "date": "2024-11-21T05:03:24.720000", "db": "NVD", "id": "CVE-2020-14503", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-958" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView Input verification vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007697" } ], "trust": 0.8 }, "type": { "_id": null, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-958" } ], "trust": 0.6 } }
var-202007-0400
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send an HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. Advantech iView contains an injection vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the restoreDatabase method of the NetworkServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech iView is a device management application provided by Advantech. The vulnerability stems from the program's failure to correctly verify the string submitted by the user before making a system call.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0400", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": 
null }, { "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008660" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-831" } ], "trust": 0.7 }, "cve": "CVE-2020-14505", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14505", "impactScore": 
6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008660", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-43172", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167390", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14505", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": 
"NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008660", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14505", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14505", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-008660", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-14505", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-43172", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-961", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167390", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. 
Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. Advantech iView There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the restoreDatabase method of the NetworkServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech iView is a device management application provided by Advantech. The vulnerability stems from the program\u0027s failure to correctly verify the string submitted by the user before making a system call", "sources": [ { "db": "NVD", "id": "CVE-2020-14505" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14505", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-831", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008660", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10645", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-961", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-43172", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47233", "trust": 0.6 }, { "db": 
"AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167390", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "id": "VAR-202007-0400", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-43172" } ] }, "last_update_date": "2024-11-23T21:35:35.414000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView command injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/227259" }, { "title": "Advantech iView Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124489" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": 
"JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-74", "trust": 1.9 }, { "problemtype": "CWE-77", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14505" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-831/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14505" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47233" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { "db": "NVD", "id": "CVE-2020-14505" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-20-831" }, { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "VULHUB", "id": "VHN-167390" }, { "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "db": "CNNVD", "id": "CNNVD-202007-961" }, { 
"db": "NVD", "id": "CVE-2020-14505" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-831" }, { "date": "2020-07-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-43172" }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167390" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-961" }, { "date": "2020-07-15T02:15:12.627000", "db": "NVD", "id": "CVE-2020-14505" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-831" }, { "date": "2020-07-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-43172" }, { "date": "2020-07-22T00:00:00", "db": "VULHUB", "id": "VHN-167390" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008660" }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-961" }, { "date": "2024-11-21T05:03:24.963000", "db": "NVD", "id": "CVE-2020-14505" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-961" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView command injection vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-43172" }, { "db": "CNNVD", "id": "CNNVD-202007-961" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-961" } ], "trust": 0.6 } }
var-202206-2050
Vulnerability from variot
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability. Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the CREATE_DATE element of the removeSearchDevicesFromTask action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2050", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 11.2, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": 
"\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" }, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "@rgod777", "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" } ], "trust": 9.8 }, "cve": "CVE-2022-2135", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, 
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2135", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 8.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2135", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-2135", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", 
"availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2135", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2135", "trust": 8.4, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2022-2135", "trust": 2.8, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2135", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2135", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2135", "trust": 0.8, "value": "High" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the CREATE_DATE element of the removeSearchDevicesFromTask action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise", "sources": [ { "db": "NVD", "id": "CVE-2022-2135" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "VULHUB", "id": "VHN-426269" } ], "trust": 11.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2135", "trust": 13.9 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 1.9 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013717", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16750", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-919", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16529", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-918", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16535", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-917", "trust": 
0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16561", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-916", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16585", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-915", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16562", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-914", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16659", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-910", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16747", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-908", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16583", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-905", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16592", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-904", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16693", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-898", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16649", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-894", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16563", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-888", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16645", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-887", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16658", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-884", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16647", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-882", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-426269", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": 
"ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "id": "VAR-202206-2050", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426269" } ], "trust": 0.01 }, "last_update_date": "2024-11-25T23:05:13.067000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 11.2, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", 
"id": "CVE-2022-2135" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 13.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2135" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-919" }, { "db": "ZDI", "id": "ZDI-22-918" }, { "db": "ZDI", "id": "ZDI-22-917" }, { "db": "ZDI", "id": "ZDI-22-916" }, { "db": "ZDI", "id": "ZDI-22-915" }, { "db": "ZDI", "id": "ZDI-22-914" }, { "db": "ZDI", "id": "ZDI-22-910" }, { "db": "ZDI", "id": "ZDI-22-908" }, { "db": "ZDI", "id": "ZDI-22-905" }, { "db": "ZDI", "id": "ZDI-22-904" }, { "db": "ZDI", "id": "ZDI-22-898" }, { "db": "ZDI", "id": "ZDI-22-894" }, { "db": "ZDI", "id": "ZDI-22-888" }, { "db": "ZDI", "id": "ZDI-22-887" }, { "db": "ZDI", "id": "ZDI-22-884" }, { "db": "ZDI", "id": "ZDI-22-882" }, { "db": "VULHUB", "id": "VHN-426269" }, { "db": "JVNDB", 
"id": "JVNDB-2022-013717" }, { "db": "NVD", "id": "CVE-2022-2135" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-919" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-918" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-917" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-916" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-915" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-914" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-910" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-908" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-905" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-904" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-898" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-894" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-888" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-887" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-884" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-882" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426269" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "date": "2022-07-22T15:15:08.117000", "db": "NVD", "id": "CVE-2022-2135" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-919" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-918" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-917" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-916" }, { "date": "2022-06-30T00:00:00", 
"db": "ZDI", "id": "ZDI-22-915" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-914" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-910" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-908" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-905" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-904" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-898" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-894" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-888" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-887" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-884" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-882" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426269" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013717" }, { "date": "2022-07-28T20:10:10.260000", "db": "NVD", "id": "CVE-2022-2135" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013717" } ], "trust": 0.8 } }
var-202007-0395
Vulnerability from variot
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities arising from the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveActiveTrapCount method of the TrapTable class. When parsing the search_hostname HTTP parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Advantech iView is a device management application provided by Advantech.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": null, "trust": 11.2, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" } ], "trust": 11.2 }, "cve": "CVE-2020-14497", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, 
"confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14497", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-42953", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167381", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14497", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 6.3, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14497", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.9, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": 
"nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14497", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-14497", "trust": 6.3, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2020-14497", "trust": 4.9, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-14497", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-42953", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-167381", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the retrieveActiveTrapCount method of the TrapTable class. When parsing the search_hostname HTTP parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. Advantech iView is a device management application provided by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2020-14497" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" } ], "trust": 11.61 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14497", "trust": 12.9 }, { "db": "ZDI", "id": "ZDI-20-860", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-848", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-869", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-862", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-843", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-868", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-828", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-836", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-844", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-846", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-856", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-865", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-849", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-837", "trust": 1.8 }, { "db": "ZDI", "id": 
"ZDI-20-827", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-850", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-20-830", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-864", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-847", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-863", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-855", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-866", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-842", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-857", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-854", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-838", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-832", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-835", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-845", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-839", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-858", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-861", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-833", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-852", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-851", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-853", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 1.1 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10700", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10631", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10716", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10703", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10626", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10707", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10635", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10656", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10627", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10629", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10672", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10717", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10659", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10657", "trust": 0.7 }, { "db": "ZDI_CAN", "id": 
"ZDI-CAN-10634", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10660", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-42953", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-968", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-167381", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "id": "VAR-202007-0395", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-42953" } ] }, "last_update_date": "2024-11-29T22:41:08.364000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 11.2, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView SQL injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/227467" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", "id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": 
"ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "references": { "_id": null, "data": [ { "trust": 11.2, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-827/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-828/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-830/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-832/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-833/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-835/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-836/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-837/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-838/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-839/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-842/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-843/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-844/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-845/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-846/" }, { "trust": 1.1, 
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-847/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-848/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-849/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-850/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-851/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-852/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-853/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-854/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-855/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-856/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-857/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-858/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-860/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-861/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-862/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-863/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-864/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-865/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-866/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-868/" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-869/" }, { "trust": 1.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14497" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-860" }, { "db": "ZDI", 
"id": "ZDI-20-848" }, { "db": "ZDI", "id": "ZDI-20-869" }, { "db": "ZDI", "id": "ZDI-20-862" }, { "db": "ZDI", "id": "ZDI-20-843" }, { "db": "ZDI", "id": "ZDI-20-868" }, { "db": "ZDI", "id": "ZDI-20-828" }, { "db": "ZDI", "id": "ZDI-20-836" }, { "db": "ZDI", "id": "ZDI-20-844" }, { "db": "ZDI", "id": "ZDI-20-846" }, { "db": "ZDI", "id": "ZDI-20-856" }, { "db": "ZDI", "id": "ZDI-20-865" }, { "db": "ZDI", "id": "ZDI-20-849" }, { "db": "ZDI", "id": "ZDI-20-837" }, { "db": "ZDI", "id": "ZDI-20-827" }, { "db": "ZDI", "id": "ZDI-20-850" }, { "db": "CNVD", "id": "CNVD-2020-42953" }, { "db": "VULHUB", "id": "VHN-167381" }, { "db": "NVD", "id": "CVE-2020-14497" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-860", "ident": null }, { "db": "ZDI", "id": "ZDI-20-848", "ident": null }, { "db": "ZDI", "id": "ZDI-20-869", "ident": null }, { "db": "ZDI", "id": "ZDI-20-862", "ident": null }, { "db": "ZDI", "id": "ZDI-20-843", "ident": null }, { "db": "ZDI", "id": "ZDI-20-868", "ident": null }, { "db": "ZDI", "id": "ZDI-20-828", "ident": null }, { "db": "ZDI", "id": "ZDI-20-836", "ident": null }, { "db": "ZDI", "id": "ZDI-20-844", "ident": null }, { "db": "ZDI", "id": "ZDI-20-846", "ident": null }, { "db": "ZDI", "id": "ZDI-20-856", "ident": null }, { "db": "ZDI", "id": "ZDI-20-865", "ident": null }, { "db": "ZDI", "id": "ZDI-20-849", "ident": null }, { "db": "ZDI", "id": "ZDI-20-837", "ident": null }, { "db": "ZDI", "id": "ZDI-20-827", "ident": null }, { "db": "ZDI", "id": "ZDI-20-850", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-42953", "ident": null }, { "db": "VULHUB", "id": "VHN-167381", "ident": null }, { "db": "NVD", "id": "CVE-2020-14497", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-860", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-848", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-869", "ident": 
null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-862", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-843", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-868", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-828", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-836", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-844", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-846", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-856", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-865", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-849", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-837", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-827", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-850", "ident": null }, { "date": "2020-07-29T00:00:00", "db": "CNVD", "id": "CNVD-2020-42953", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167381", "ident": null }, { "date": "2020-07-15T02:15:12.547000", "db": "NVD", "id": "CVE-2020-14497", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-860", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-848", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-869", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-862", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-843", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-868", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-828", "ident": null }, { "date": 
"2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-836", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-844", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-846", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-856", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-865", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-849", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-837", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-827", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-850", "ident": null }, { "date": "2020-07-29T00:00:00", "db": "CNVD", "id": "CNVD-2020-42953", "ident": null }, { "date": "2020-07-21T00:00:00", "db": "VULHUB", "id": "VHN-167381", "ident": null }, { "date": "2024-11-21T05:03:23.890000", "db": "NVD", "id": "CVE-2020-14497", "ident": null } ] }, "title": { "_id": null, "data": "Advantech iView User checkForDuplicateUserName SQL Injection Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-860" } ], "trust": 0.7 } }
var-202007-0398
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the contents of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. Advantech iView lacks authentication for critical functions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech. Advantech iView is Simple Network Management Protocol (SNMP)-based software from China Advantech Company for managing B+B SmartWorx equipment.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "5.6" }, { "_id": null, "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "iview", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=5.6" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:iview", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008661" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-859" } ], "trust": 0.7 }, "cve": "CVE-2020-14501", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14501", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008661", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, 
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-43173", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167386", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14501", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008661", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": 
"CVE-2020-14501", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14501", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-008661", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-14501", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-43173", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-955", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-167386", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "CNNVD", "id": "CNNVD-202007-955" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "description": { "_id": null, "data": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. Advantech iView There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. 
Advantech iView is a device management application provided by Advantech. Advantech Iview is a software based on Simple Network Protocol (SNMP) of China Advantech Company to manage B+B SmartWorx equipment", "sources": [ { "db": "NVD", "id": "CVE-2020-14501" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-14501", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-859", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008661", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10699", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-43173", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47223", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-955", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-167386", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "CNNVD", "id": "CNNVD-202007-955" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "id": "VAR-202007-0398", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-43173" } ] }, "last_update_date": "2024-11-23T21:35:34.811000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.co.jp" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": 
"https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Patch for Advantech iView access control error vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/227261" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-306", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14501" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-859/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14501" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47223" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-859" }, { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "VULHUB", "id": "VHN-167386" }, { "db": "JVNDB", "id": "JVNDB-2020-008661" }, { "db": "CNNVD", "id": "CNNVD-202007-955" }, { "db": "NVD", "id": "CVE-2020-14501" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-859", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-43173", "ident": null }, { "db": "VULHUB", "id": "VHN-167386", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-008661", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202007-955", "ident": null }, { "db": "NVD", "id": "CVE-2020-14501", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", 
"id": "ZDI-20-859", "ident": null }, { "date": "2020-07-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-43173", "ident": null }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167386", "ident": null }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008661", "ident": null }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-955", "ident": null }, { "date": "2020-07-15T03:15:50.607000", "db": "NVD", "id": "CVE-2020-14501", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-859", "ident": null }, { "date": "2020-07-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-43173", "ident": null }, { "date": "2020-07-22T00:00:00", "db": "VULHUB", "id": "VHN-167386", "ident": null }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008661", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-955", "ident": null }, { "date": "2024-11-21T05:03:24.480000", "db": "NVD", "id": "CVE-2020-14501", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-955" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech iView access control error vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-43173" }, { "db": "CNNVD", "id": "CNNVD-202007-955" } ], "trust": 1.2 }, "type": { "_id": null, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-955" } ], "trust": 0.6 } }
var-202106-1186
Vulnerability from variot
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. iView contains the following vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2021-32930; * SQL injection (CWE-89) - CVE-2021-32932. The expected impact depends on each vulnerability, but may include the following: * [impact text missing in this record] - CVE-2021-32930; * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. There is a security vulnerability in the iView 5.7.03.6182 version. The vulnerability is due to the lack of authentication in the program.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1186", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.03.6182" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", 
"scope": "lt", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.03.6182 earlier s" }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Selim Enes Karaduman (@Enesdex)", "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "CNNVD", "id": "CNNVD-202106-259" } ], "trust": 1.3 }, "cve": "CVE-2021-32930", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-32930", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, 
"confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-392916", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32930", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2021-001742", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-32930", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-32930", "trust": 1.0, "value": "CRITICAL" }, { "author": "IPA", "id": "JVNDB-2021-001742", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-32930", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": 
"CNNVD-202106-259", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-392916", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). Advantech Provided by iView Is SNMP Base device management software. iView The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-32930 \u2025 * SQL injection (CWE-89) - CVE-2021-32932The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-32930 \u2025 * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability.The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service acccount. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There is a security vulnerability in the iView 5.7.03.6182 version. 
The vulnerability is due to the lack of authentication in the program", "sources": [ { "db": "NVD", "id": "CVE-2021-32930" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392916" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-32930", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-154-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-21-648", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU92160646", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001742", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11832", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202106-259", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060407", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1970", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392916", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "id": "VAR-202106-1186", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392916" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:12:02.058000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Support\u00a0\u0026\u00a0Download", "trust": 0.8, "url": "https://www.advantech.com/support/details/firmware?id=1-HIPU-183" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.1 }, { "problemtype": "Lack of authentication for important features (CWE-306) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": "SQL injection (CWE-89) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu92160646" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060407" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1970" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-648/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, 
{ "db": "NVD", "id": "CVE-2021-32930" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-648" }, { "db": "VULHUB", "id": "VHN-392916" }, { "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-259" }, { "db": "NVD", "id": "CVE-2021-32930" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-648" }, { "date": "2021-06-11T00:00:00", "db": "VULHUB", "id": "VHN-392916" }, { "date": "2021-06-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-259" }, { "date": "2021-06-11T17:15:10.963000", "db": "NVD", "id": "CVE-2021-32930" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-07T00:00:00", "db": "ZDI", "id": "ZDI-21-648" }, { "date": "2021-06-23T00:00:00", "db": "VULHUB", "id": "VHN-392916" }, { "date": "2021-06-07T03:01:00", "db": "JVNDB", "id": "JVNDB-2021-001742" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-259" }, { "date": "2021-06-23T16:07:34.457000", "db": "NVD", "id": "CVE-2021-32930" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0 Made \u00a0iView\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001742" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202206-2045
Vulnerability from variot
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains an SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the ipaddress element of the updatePROMFile action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Note that this text combines the descriptions of several sources (NVD, JVNDB, ZDI) for CVE-2022-2136, so the stated impact ranges from information disclosure to code execution as SYSTEM; the record's CVSS v3 base scores range correspondingly from 6.5 to 8.8. Advantech iView
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2045", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": null, "trust": 4.9, "vendor": "advantech", "version": null }, { "model": "iview", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "5.7.04.6469" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.7.04.6469" 
}, { "model": "iview", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-937" } ], "trust": 2.8 }, "cve": "CVE-2022-2136", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", 
"impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-2136", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-2136", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-2136", "trust": 2.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2022-2136", "trust": 2.1, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2022-2136", "trust": 1.0, "value": "MEDIUM" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2136", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-2136", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202206-2714", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. 
When parsing the ipaddress element of the updatePROMFile action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView", "sources": [ { "db": "NVD", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" } ], "trust": 6.21 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-2136", "trust": 8.3 }, { "db": "ICS CERT", "id": "ICSA-22-179-03", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU97814223", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013716", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16772", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-925", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16771", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-924", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16775", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-923", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16752", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-922", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16744", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-921", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16748", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-920", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-16773", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-937", "trust": 0.7 }, { "db": "CS-HELP", "id": 
"SB2022062918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3141", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2714", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-426270", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-2136", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "id": "VAR-202206-2045", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-426270" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:38.338000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 4.9, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", 
"trust": 1.1 }, { "problemtype": "SQL injection (CWE-89) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-426270" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 7.5, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97814223/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2136" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2136/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3141" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-925" }, { "db": "ZDI", "id": "ZDI-22-924" }, { "db": "ZDI", "id": "ZDI-22-923" }, { "db": "ZDI", "id": "ZDI-22-922" }, { "db": "ZDI", "id": "ZDI-22-921" }, { "db": "ZDI", "id": "ZDI-22-920" }, { "db": "ZDI", "id": "ZDI-22-937" }, { "db": "VULHUB", "id": "VHN-426270" }, { "db": "VULMON", "id": "CVE-2022-2136" }, { "db": "JVNDB", "id": 
"JVNDB-2022-013716" }, { "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "db": "NVD", "id": "CVE-2022-2136" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-925" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-924" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-923" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-922" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-921" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-920" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-07-22T00:00:00", "db": "VULHUB", "id": "VHN-426270" }, { "date": "2023-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "date": "2022-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "date": "2022-07-22T15:15:08.180000", "db": "NVD", "id": "CVE-2022-2136" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-925" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-924" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-923" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-922" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-921" }, { "date": "2022-06-30T00:00:00", "db": "ZDI", "id": "ZDI-22-920" }, { "date": "2022-07-14T00:00:00", "db": "ZDI", "id": "ZDI-22-937" }, { "date": "2022-07-28T00:00:00", "db": "VULHUB", "id": "VHN-426270" }, { "date": "2023-09-11T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-013716" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2714" }, { "date": "2022-07-28T20:10:32.447000", "db": "NVD", "id": "CVE-2022-2136" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2714" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013716" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2714" } ], "trust": 0.6 } }
var-202007-0396
Vulnerability from variot
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user account credentials. Advantech iView contains an inadequate protection of credentials vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0396", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iview", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "5.6" }, { "model": "iview", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "iview", "scope": 
"lte", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "5.6" }, { "model": "iview", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-20-867" } ], "trust": 0.7 }, "cve": "CVE-2020-14499", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-14499", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-167383", "impactScore": 2.9, "integrityImpact": 
"NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14499", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-14499", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-14499", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-14499", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-14499", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-14499", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-951", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-167383", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" }, { 
"db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. Advantech iView Exists in an inadequate protection of credentials.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class", "sources": [ { "db": "NVD", "id": "CVE-2020-14499" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14499", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-20-196-01", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-867", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU95694616", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008132", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10701", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-951", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47215", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2382", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-57118", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-167383", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": 
"VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "id": "VAR-202007-0396", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-167383" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:35:34.633000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "title": "Advantech iView Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124486" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-284", "trust": 1.0 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-522", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-867/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14499" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95694616/" }, { "trust": 0.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01\u00a5" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47215" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-20-867" }, { "db": "VULHUB", "id": "VHN-167383" }, { "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "db": "CNNVD", "id": "CNNVD-202007-951" }, { "db": "NVD", "id": "CVE-2020-14499" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", "db": "ZDI", "id": "ZDI-20-867" }, { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-167383" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-951" }, { "date": "2020-07-15T03:15:50.513000", "db": "NVD", "id": "CVE-2020-14499" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-16T00:00:00", 
"db": "ZDI", "id": "ZDI-20-867" }, { "date": "2021-09-23T00:00:00", "db": "VULHUB", "id": "VHN-167383" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008132" }, { "date": "2021-09-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-951" }, { "date": "2024-11-21T05:03:24.210000", "db": "NVD", "id": "CVE-2020-14499" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-951" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0iView\u00a0 Vulnerability regarding inadequate protection of credentials in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008132" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-951" } ], "trust": 0.6 } }