All the vulnerabilities related to Advantech - iView
var-202206-2048
Vulnerability from variot

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Advantech Co., Ltd. iView contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the filename element of the exportDeviceList action, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView. Note: this text is aggregated from several advisories (NVD, JVNDB and three ZDI entries), and the CVSS vectors in the record below disagree on whether privileges are required (PR:N versus PR:L).



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2048",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 2.1,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.04.6469",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "@rgod777",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2022-2139",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-2139",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-2139",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-2139",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-2139",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-2139",
            "trust": 1.4,
            "value": "CRITICAL"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-2139",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-2139",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2728",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Advantech Co., Ltd. iView Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the filename element of the exportDeviceList action, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute  code in the context of SYSTEM. Advantech iView",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426273"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2139"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2139",
        "trust": 5.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-179-03",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU97814223",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16783",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-933",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16702",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16701",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062918",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3141",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426273",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2139",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426273"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ]
  },
  "id": "VAR-202206-2048",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426273"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:15:33.249000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 2.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "title": "Advantech iView Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201955"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.1
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97814223/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2139"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-2139/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426273"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426273"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426273"
      },
      {
        "date": "2023-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "date": "2022-07-22T15:15:08.350000",
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "date": "2022-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-933"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-932"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-931"
      },
      {
        "date": "2022-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426273"
      },
      {
        "date": "2023-09-11T08:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      },
      {
        "date": "2022-07-29T01:19:10.197000",
        "db": "NVD",
        "id": "CVE-2022-2139"
      },
      {
        "date": "2022-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Past traversal vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013713"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2728"
      }
    ],
    "trust": 0.6
  }
}

var-202206-1670
Vulnerability from variot

This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the UserName element of the set_useraccount action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The remainder of this description appears to come from a Debian security advisory for Chromium that the record links to the same CVE identifier, rather than from the Advantech advisory: Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.53-1~deb11u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: security-tracker.debian.org/tracker/chromium



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1670",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-2156",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-2156",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2022-2156",
            "trust": 0.7,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the UserName element of the set_useraccount action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Multiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure. \nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.53-1~deb11u1. \nWe recommend that you upgrade your chromium packages. \nFor the detailed security status of chromium please refer to\nits security tracker page at:\nsecurity-tracker.debian.org/tracker/chromium",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2156"
      }
    ],
    "trust": 0.72
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2156",
        "trust": 1.4
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16773",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3056",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3066",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2145",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2156",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2145"
      }
    ]
  },
  "id": "VAR-202206-1670",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.40103188
  },
  "last_update_date": "2022-07-05T22:20:22.607000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "title": "Google Chrome Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197132"
      },
      {
        "title": "Debian Security Advisories: DSA-5168-1 chromium -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1df55fca5bc84b333e3feb3ff9ec9e70"
      },
      {
        "title": "Google Chrome: Stable Channel Update for Desktop",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=chrome_releases\u0026qid=f4139027edd7716be086c3c70b2fd7d6"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2145"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/chrome-multiple-vulnerabilities-38642"
      },
      {
        "trust": 0.6,
        "url": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-2156"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3066"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3056"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/2022/dsa-5168"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2145"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2145"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "date": "2022-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2145"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "date": "2022-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2145"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView set_useraccount UserName SQL Injection Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2145"
      }
    ],
    "trust": 0.6
  }
}

var-202205-1116
Vulnerability from variot

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains an SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the device_get_community and device_set_community elements of the addDeviceTreeItem action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. The record below lists iView versions before 5.7.04.6469 as affected and points to CISA advisory ICSA-22-179-03 for the vendor update.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1116",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 1.4,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.04.6469",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "@rgod777",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2022-2137",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2022-2137",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-2137",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-2137",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-2137",
            "trust": 1.4,
            "value": "MEDIUM"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-2137",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2717",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the device_get_community and device_set_community elements of the addDeviceTreeItem action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426271"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2137",
        "trust": 4.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-179-03",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU97814223",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16746",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-927",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16745",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062918",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3141",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426271",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2137",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ]
  },
  "id": "VAR-202205-1116",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426271"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:15:33.289000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "title": "Advantech iView SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201806"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/explangcn/fuyao-go "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.9,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97814223/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2137"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-2137/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426271"
      },
      {
        "date": "2023-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "date": "2022-07-22T15:15:08.237000",
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "date": "2022-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-926"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426271"
      },
      {
        "date": "2023-09-11T08:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013715"
      },
      {
        "date": "2022-07-28T20:10:50.920000",
        "db": "NVD",
        "id": "CVE-2022-2137"
      },
      {
        "date": "2022-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-926"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2717"
      }
    ],
    "trust": 0.6
  }
}

var-202206-2050
Vulnerability from variot

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the PROP_GetCommunity and PROP_SetCommunity elements of the performSearchDevice action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. The record below lists iView versions before 5.7.04.6469 as affected.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2050",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 11.9,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.04.6469",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "@rgod777",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      }
    ],
    "trust": 6.3
  },
  "cve": "CVE-2022-2135",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-2135",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 8.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-2135",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 3.5,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2022-2135",
            "trust": 8.4,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-2135",
            "trust": 3.5,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-2135",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-2135",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the PROP_GetCommunity and PROP_SetCommunity elements of the performSearchDevice action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426269"
      }
    ],
    "trust": 11.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2135",
        "trust": 13.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-179-03",
        "trust": 1.1
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16750",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-919",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16529",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16535",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16561",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16585",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16562",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16751",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16531",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16549",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16731",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16548",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16545",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16693",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16550",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16584",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16647",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16552",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-426269",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426269"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "id": "VAR-202206-2050",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426269"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:27:49.515000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 11.9,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426269"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 13.0,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426269"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426269"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426269"
      },
      {
        "date": "2022-07-22T15:15:08.117000",
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-919"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-918"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-917"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-916"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-915"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-914"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-912"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-911"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-907"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-902"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-900"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-899"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-898"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-889"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-885"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-882"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-881"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426269"
      },
      {
        "date": "2022-07-28T20:10:10.260000",
        "db": "NVD",
        "id": "CVE-2022-2135"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView setTaskEditorItem DESCRIPTION  SQL Injection Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-919"
      }
    ],
    "trust": 0.7
  }
}

var-202206-2049
Vulnerability from variot

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Advantech Co., Ltd. iView contains a missing authentication vulnerability for critical functions. Service operation may be interrupted (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to the clearDatabase functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Advantech iView



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2049",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 2.1,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.04.6469",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2022-2138",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-2138",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.1,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-2138",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2022-2138",
            "trust": 2.1,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-2138",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-2138",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2724",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Advantech Co., Ltd. iView contains a missing authentication vulnerability for critical functions. Service operation may be interrupted (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to the clearDatabase functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Advantech iView",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2138"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2138",
        "trust": 5.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-179-03",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU97814223",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16774",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-930",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16776",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16688",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062918",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3141",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426272",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2138",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ]
  },
  "id": "VAR-202206-2049",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426272"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:15:33.547000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 2.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "title": "Advantech iView Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201807"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97814223/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2138"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-2138/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426272"
      },
      {
        "date": "2023-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "date": "2022-07-22T15:15:08.293000",
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "date": "2022-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-930"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-929"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-928"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426272"
      },
      {
        "date": "2023-09-11T08:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      },
      {
        "date": "2022-07-28T20:12:50.197000",
        "db": "NVD",
        "id": "CVE-2022-2138"
      },
      {
        "date": "2022-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Vulnerability regarding lack of authentication for critical features in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013714"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2724"
      }
    ],
    "trust": 0.6
  }
}

var-202102-0523
Vulnerability from variot

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Advantech iView contains a SQL injection vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView; no further details about it are available at present, so monitor CNNVD or vendor announcements.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0523",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.7.03.6112"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.03.6112"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.03.6112",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-22658",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-22658",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-13242",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-381095",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-22658",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-22658",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-22658",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-22658",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-13242",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-805",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381095",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381095"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22658",
        "trust": 3.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-191",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-02",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU97517721",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12344",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0469",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381095",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ]
  },
  "id": "VAR-202102-0523",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381095"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:16:37.484000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.advantech.com/"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
      },
      {
        "title": "Patch for Advantech iView SQL injection vulnerability (CNVD-2021-13242)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/249611"
      },
      {
        "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142089"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
      },
      {
        "trust": 2.5,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-191/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22658"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97517721"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0469"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "date": "2021-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "date": "2021-02-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381095"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "date": "2021-02-11T18:15:17.270000",
        "db": "NVD",
        "id": "CVE-2021-22658"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-191"
      },
      {
        "date": "2021-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-13242"
      },
      {
        "date": "2021-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381095"
      },
      {
        "date": "2021-10-26T08:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      },
      {
        "date": "2021-02-12T15:04:32.003000",
        "db": "NVD",
        "id": "CVE-2021-22658"
      },
      {
        "date": "2021-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech\u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003419"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-805"
      }
    ],
    "trust": 0.6
  }
}

var-202206-2046
Vulnerability from variot

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains a SQL injection vulnerability; information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Severity differs by source in this record: NVD scores it 5.9 (confidentiality impact only), while ICS-CERT and ZDI score it 8.1 with high integrity and availability impact as well. Affected product: Advantech iView; the record's configuration data marks versions before 5.7.04.6469 as vulnerable, and its patch entry points to CISA advisory ICSA-22-179-03 for the vendor update.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2046",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.04.6469",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "@rgod777",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-2142",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-2142",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-2142",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-2142",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-2142",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-2142",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2731",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Advantech iView",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426276"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2142"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2142",
        "trust": 4.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-179-03",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU97814223",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16607",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-934",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062918",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3141",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426276",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2142",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426276"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ]
  },
  "id": "VAR-202206-2046",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426276"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:15:33.359000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "title": "Advantech iView SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201808"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97814223/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2142"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-2142/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426276"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426276"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426276"
      },
      {
        "date": "2023-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "date": "2022-07-22T15:15:08.407000",
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "date": "2022-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-934"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426276"
      },
      {
        "date": "2023-09-11T08:17:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      },
      {
        "date": "2022-07-28T20:13:12.980000",
        "db": "NVD",
        "id": "CVE-2022-2142"
      },
      {
        "date": "2022-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013712"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2731"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0396
Vulnerability from variot

Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user account credentials. Advantech iView has a vulnerability involving inadequate protection of credentials; information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0396",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-14499",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-14499",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-167383",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-14499",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14499",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-14499",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-14499",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-951",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-167383",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user account credentials. Advantech iView contains an inadequate protection of credentials vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167383"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14499",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-867",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95694616",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10701",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "47215",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2382",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-57118",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-167383",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ]
  },
  "id": "VAR-202007-0396",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167383"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:55:56.821000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp/"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "title": "Advantech iView Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124486"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Inadequate protection of credentials (CWE-522) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-522",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-867/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14499"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95694616/"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01\u00a5"
      },
      {
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47215"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167383"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "date": "2020-07-15T03:15:50.513000",
        "db": "NVD",
        "id": "CVE-2020-14499"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-867"
      },
      {
        "date": "2021-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167383"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      },
      {
        "date": "2021-09-23T13:33:31.623000",
        "db": "NVD",
        "id": "CVE-2020-14499"
      },
      {
        "date": "2021-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech\u00a0iView\u00a0 Vulnerability regarding inadequate protection of credentials in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008132"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-951"
      }
    ],
    "trust": 0.6
  }
}

var-202106-1186
Vulnerability from variot

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. The following multiple vulnerabilities exist in iView. * Lack of authentication for important features (CWE-306) - CVE-2021-32930 ‥ * SQL injection (CWE-89) - CVE-2021-32932. The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-32930 ‥ * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There is a security vulnerability in the iView 5.7.03.6182 version. The vulnerability is due to the lack of authentication in the program



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1186",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.03.6182"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.03.6182  earlier  s"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.03.6182",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Selim Enes Karaduman (@Enesdex)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-259"
      }
    ],
    "trust": 1.3
  },
  "cve": "CVE-2021-32930",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-392916",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001742",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-32930",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-32930",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001742",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-32930",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-259",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392916",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-259"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. The following multiple vulnerabilities exist in iView. * Lack of authentication for important features (CWE-306) - CVE-2021-32930 \u2025 * SQL injection (CWE-89) - CVE-2021-32932. The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-32930 \u2025 * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There is a security vulnerability in the iView 5.7.03.6182 version. The vulnerability is due to the lack of authentication in the program",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392916"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32930",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-154-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-648",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU92160646",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11832",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-259",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060407",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1970",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392916",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-259"
      }
    ]
  },
  "id": "VAR-202106-1186",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392916"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:06:10.104000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Support\u00a0\u0026\u00a0Download",
        "trust": 0.8,
        "url": "https://www.advantech.com/support/details/firmware?id=1-hipu-183"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "Lack of authentication for important features (CWE-306) [IPA Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "SQL injection (CWE-89) [IPA Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92160646"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060407"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1970"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-648/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-259"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-259"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "date": "2021-06-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392916"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "date": "2021-06-11T17:15:10.963000",
        "db": "NVD",
        "id": "CVE-2021-32930"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-259"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-648"
      },
      {
        "date": "2021-06-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392916"
      },
      {
        "date": "2021-06-07T03:01:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "date": "2021-06-23T16:07:34.457000",
        "db": "NVD",
        "id": "CVE-2021-32930"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-259"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech\u00a0 Made \u00a0iView\u00a0 Multiple vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202307-2113
Vulnerability from variot

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-2113",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.4.6752"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.4.6752",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "cve": "CVE-2023-3983",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-3983",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-3983",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ],
    "trust": 1.0
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "TENABLE",
        "id": "TRA-2023-24",
        "trust": 1.0
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3983",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "id": "VAR-202307-2113",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.40103188
  },
  "last_update_date": "2023-08-12T03:18:49.784000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://www.tenable.com/security/research/tra-2023-24"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-31T19:15:00",
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-04T17:03:00",
        "db": "NVD",
        "id": "CVE-2023-3983"
      }
    ]
  }
}

var-202102-0522
Vulnerability from variot

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Advantech iView contains a path traversal vulnerability; information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommandServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. A security vulnerability exists in Advantech iView; no further details about it are available at present. Watch CNNVD or vendor announcements for updates.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0522",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.7.03.6112"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.03.6112"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.03.6112",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-22656",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-22656",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-13241",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-381093",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-22656",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-22656",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-22656",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-22656",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-13241",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-815",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381093",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Advantech iView Contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the CommandServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381093"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22656",
        "trust": 3.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-189",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-02",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU97517721",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12096",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0469",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381093",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ]
  },
  "id": "VAR-202102-0522",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381093"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:16:37.518000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.advantech.com/"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
      },
      {
        "title": "Patch for Advantech iView path traversal vulnerability (CNVD-2021-13241)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/249606"
      },
      {
        "title": "Advantech Iview Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142092"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.1
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
      },
      {
        "trust": 2.5,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-189/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22656"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97517721"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0469"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "date": "2021-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "date": "2021-02-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381093"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "date": "2021-02-11T18:15:17.190000",
        "db": "NVD",
        "id": "CVE-2021-22656"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-189"
      },
      {
        "date": "2021-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-13241"
      },
      {
        "date": "2021-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381093"
      },
      {
        "date": "2021-10-26T08:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      },
      {
        "date": "2021-02-12T15:04:23.940000",
        "db": "NVD",
        "id": "CVE-2021-22656"
      },
      {
        "date": "2021-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech\u00a0iView\u00a0 Traversal Vulnerability in Japan",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003418"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-815"
      }
    ],
    "trust": 0.6
  }
}

var-202209-1749
Vulnerability from variot

An SQL injection vulnerability exists in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. The following vulnerability exists in iView, provided by Advantech: * SQL injection (CWE-89) - CVE-2022-3323. As of December 9, 2022, we have confirmed that demonstration code for this vulnerability has been released. If the vulnerability is exploited, the impact may be as follows: * Sensitive information of the product is stolen by a remote third party.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1749",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5_7_04_6469  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:5.7.04.6469:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      }
    ]
  },
  "cve": "CVE-2022-3323",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-3323",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-3323",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-2819",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An SQL injection vulnerability exists in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. The following vulnerability exists in iView, provided by Advantech: * SQL injection (CWE-89) - CVE-2022-3323. As of December 9, 2022, we have confirmed that demonstration code for this vulnerability has been released. If the vulnerability is exploited, the impact may be as follows: * Sensitive information of the product is stolen by a remote third party.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "db": "VULHUB",
        "id": "VHN-430947"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-3323",
        "trust": 3.3
      },
      {
        "db": "TENABLE",
        "id": "TRA-2022-32",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92856810",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-342-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6439",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2819",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-430947",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ]
  },
  "id": "VAR-202209-1749",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430947"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:41:54.361000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iView\u00a0-\u00a0Webserver\u00a0version",
        "trust": 0.8,
        "url": "https://www.advantech.com/en/support/details/firmware?id=1-hipu-183"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/research/tra-2022-32"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92856810/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3323"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-01"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-3323/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6439"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-430947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-430947"
      },
      {
        "date": "2022-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "date": "2022-09-27T23:15:15.867000",
        "db": "NVD",
        "id": "CVE-2022-3323"
      },
      {
        "date": "2022-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-430947"
      },
      {
        "date": "2022-12-12T05:43:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      },
      {
        "date": "2022-09-29T16:41:35.093000",
        "db": "NVD",
        "id": "CVE-2022-3323"
      },
      {
        "date": "2022-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Advantech iView",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002776"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2819"
      }
    ],
    "trust": 0.6
  }
}

var-202106-1187
Vulnerability from variot

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. The following multiple vulnerabilities exist in iView: * Missing authentication for critical function (CWE-306) - CVE-2021-32930; * SQL injection (CWE-89) - CVE-2021-32932. The expected impact depends on each vulnerability, but may be as follows: * A remote third party could change the system configuration or execute arbitrary code - CVE-2021-32930; * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNextTrapPage action of NetworkServlet, which listens on TCP port 8080 by default. When parsing the search_description element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of the service account. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. [Note: the last two sentences do not describe iView; they appear to have been merged in from an unrelated source record, so any severity or impact data tied to that record should be checked against the primary advisories before use.]



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1187",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 5.6,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.03.6182"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.03.6182  earlier  s"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.03.6182",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Selim Enes Karaduman (@Enesdex)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      }
    ],
    "trust": 4.2
  },
  "cve": "CVE-2021-32932",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-392918",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-32932",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 5.6,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001742",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-32932",
            "trust": 5.6,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-32932",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001742",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-250",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392918",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-250"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). iView, provided by Advantech, is SNMP-based device management software. The following multiple vulnerabilities exist in iView: * Missing authentication for critical function (CWE-306) - CVE-2021-32930; * SQL injection (CWE-89) - CVE-2021-32932. The expected impact depends on each vulnerability, but may be as follows: * A remote third party could change the system configuration or execute arbitrary code - CVE-2021-32930; * Information in the system is stolen by a remote third party - CVE-2021-32932. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNextTrapPage action of NetworkServlet, which listens on TCP port 8080 by default. When parsing the search_description element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of the service account. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392918"
      }
    ],
    "trust": 7.29
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32932",
        "trust": 8.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-154-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-656",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU92160646",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-13141",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-13137",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11846",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11838",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11837",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11836",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11834",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11833",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-250",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060407",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1970",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392918",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-250"
      }
    ]
  },
  "id": "VAR-202106-1187",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392918"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:36:06.248000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 5.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
      },
      {
        "title": "Support\u00a0\u0026\u00a0Download",
        "trust": 0.8,
        "url": "https://www.advantech.com/support/details/firmware?id=1-hipu-183"
      },
      {
        "title": "Repair measures for the Advantech iView SQL injection vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152916"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-250"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "Lack of authentication for important features (CWE-306) [IPA Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "SQL injection (CWE-89) [IPA Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 8.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92160646"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060407"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-656/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1970"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-250"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32932"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-250"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "date": "2021-06-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392918"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "date": "2021-06-11T17:15:11.057000",
        "db": "NVD",
        "id": "CVE-2021-32932"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-250"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-656"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-655"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-654"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-653"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-652"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-651"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-650"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-649"
      },
      {
        "date": "2021-06-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392918"
      },
      {
        "date": "2021-06-07T03:01:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      },
      {
        "date": "2021-06-21T22:37:53.433000",
        "db": "NVD",
        "id": "CVE-2021-32932"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-250"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Advantech iView",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001742"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0400
Vulnerability from variot

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send an HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. There is an injection vulnerability in Advantech iView. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the restoreDatabase method of the NetworkServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech iView is a device management application provided by Advantech. The vulnerability stems from the program's failure to correctly verify the string submitted by the user before making a system call.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0400",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "\u003c=5.6"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-14505",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008660",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-43172",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-167390",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008660",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14505",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-14505",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008660",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-14505",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-43172",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-961",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-167390",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send an HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. There is an injection vulnerability in Advantech iView. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the restoreDatabase method of the NetworkServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech iView is a device management application provided by Advantech. The vulnerability stems from the program\u0027s failure to correctly verify the string submitted by the user before making a system call",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167390"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14505",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-831",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95694616",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10645",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47233",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2382",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-167390",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ]
  },
  "id": "VAR-202007-0400",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167390"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:56:00.212000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "title": "Patch for Advantech iView command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/227259"
      },
      {
        "title": "Advantech iView Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124489"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14505"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-831/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14505"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95694616/"
      },
      {
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47233"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167390"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "date": "2020-07-15T02:15:12.627000",
        "db": "NVD",
        "id": "CVE-2020-14505"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-831"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167390"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008660"
      },
      {
        "date": "2020-07-22T14:59:39.213000",
        "db": "NVD",
        "id": "CVE-2020-14505"
      },
      {
        "date": "2020-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView command injection vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-43172"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-961"
      }
    ],
    "trust": 0.6
  }
}

var-202102-0634
Vulnerability from variot

Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView contains a lack-of-authentication-for-critical-features vulnerability (CWE-306). Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Advantech iView is an equipment management application for the energy, water and wastewater industries.

Advantech iView versions prior to 5.7.03.6112 lack authentication for a key feature. CNNVD's entry states that there is a security vulnerability in Advantech iView and that no further details about it are available at present; check CNNVD or vendor announcements for updates.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0634",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.7.03.6112"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.03.6112"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.03.6112",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Spencer McIntyre",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-22652",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-22652",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-11077",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-381089",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-22652",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-22652",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-11077",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-813",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381089",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-22652",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView contains a lack-of-authentication-for-critical-features vulnerability (CWE-306). Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Advantech iView is an equipment management application for the energy, water and wastewater industries. \n\r\n\r\nAdvantech iView versions prior to 5.7.03.6112 lack authentication for a key feature. CNNVD's entry states that there is a security vulnerability in Advantech iView and that no further details about it are available at present; check CNNVD or vendor announcements for updates.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22652"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-381089",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22652",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-02",
        "trust": 3.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161937",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU97517721",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0469",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381089",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22652",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ]
  },
  "id": "VAR-202102-0634",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:16:37.557000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "top page",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Key features of Advantech iView lack certification vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/248551"
      },
      {
        "title": "Advantech Iview Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142090"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "Lack of authentication for important features (CWE-306) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
      },
      {
        "trust": 3.3,
        "url": "http://packetstormsecurity.com/files/161937/advantech-iview-unauthenticated-remote-code-execution.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22652"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97517721/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0469"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "date": "2021-02-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "date": "2021-02-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22652"
      },
      {
        "date": "2021-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "date": "2021-02-11T18:15:17.003000",
        "db": "NVD",
        "id": "CVE-2021-22652"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-11077"
      },
      {
        "date": "2021-03-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381089"
      },
      {
        "date": "2021-03-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22652"
      },
      {
        "date": "2021-11-04T06:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      },
      {
        "date": "2021-03-26T20:06:44.527000",
        "db": "NVD",
        "id": "CVE-2021-22652"
      },
      {
        "date": "2021-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lack of authentication for critical features vulnerability in Advantech\u00a0iView",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003754"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-813"
      }
    ],
    "trust": 0.6
  }
}

var-202102-0521
Vulnerability from variot

Advantech iView versions prior to v5.7.03.6112 are vulnerable to SQL injection, which may allow an unauthorized attacker to disclose information. Advantech iView has an SQL injection vulnerability. Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is an equipment management application for the energy, water and wastewater industries. CNNVD's entry states that there is a security vulnerability in Advantech iView and that no further details about it are available at present; check CNNVD or vendor announcements for updates.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0521",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "advantech",
        "version": "5.7.03.6112"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 1.4,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.03.6112"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.03.6112",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-22654",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-22654",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-13243",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-381091",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-22654",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-22654",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-22654",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-22654",
            "trust": 1.4,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-13243",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-814",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381091",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Advantech iView Has SQL An injection vulnerability exists.Information may be obtained. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is an equipment management application for the energy, water and wastewater industries. There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381091"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22654",
        "trust": 4.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-190",
        "trust": 3.2
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-02",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU97517721",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12343",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12095",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0469",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381091",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ]
  },
  "id": "VAR-202102-0521",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381091"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:16:37.445000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
      },
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.advantech.com/"
      },
      {
        "title": "Patch for Advantech iView SQL injection vulnerability (CNVD-2021-13243)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/249616"
      },
      {
        "title": "Advantech Iview SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142091"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
      },
      {
        "trust": 3.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-190/"
      },
      {
        "trust": 2.5,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-188/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22654"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97517721"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0469"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "date": "2021-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "date": "2021-02-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381091"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "date": "2021-02-11T18:15:17.113000",
        "db": "NVD",
        "id": "CVE-2021-22654"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-190"
      },
      {
        "date": "2021-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-188"
      },
      {
        "date": "2021-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-13243"
      },
      {
        "date": "2021-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381091"
      },
      {
        "date": "2021-10-26T08:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      },
      {
        "date": "2021-02-12T04:10:39.917000",
        "db": "NVD",
        "id": "CVE-2021-22654"
      },
      {
        "date": "2021-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech\u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003417"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-814"
      }
    ],
    "trust": 0.6
  }
}

var-202206-2047
Vulnerability from variot

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Advantech Co., Ltd. iView contains unspecified vulnerabilities; information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The record below tracks this issue as CVE-2022-2143, lists iView versions before 5.7.04.6469 as affected, and references ICS advisory ICSA-22-179-03; because no authentication is required, restricting network access to the service until it is upgraded reduces exposure. Advantech iView



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2047",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 1.4,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.04.6469",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "@rgod777",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-2143",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-2143",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-2143",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-2143",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-2143",
            "trust": 1.4,
            "value": "CRITICAL"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-2143",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2735",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Advantech Co., Ltd. iView Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426277"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2143"
      }
    ],
    "trust": 3.06
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-426277",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426277"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2143",
        "trust": 4.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-179-03",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168108",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU97814223",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16685",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-936",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16528",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062918",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3141",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426277",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2143",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426277"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ]
  },
  "id": "VAR-202206-2047",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426277"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:15:33.324000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "title": "Advantech iView Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=197831"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.0,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "trust": 3.1,
        "url": "http://packetstormsecurity.com/files/168108/advantech-iview-networkservlet-command-injection.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97814223/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2143"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-2143/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426277"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426277"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426277"
      },
      {
        "date": "2023-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "date": "2022-07-22T15:15:08.463000",
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "date": "2022-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-936"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-935"
      },
      {
        "date": "2022-10-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426277"
      },
      {
        "date": "2023-09-11T08:17:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      },
      {
        "date": "2023-07-24T13:08:23.047000",
        "db": "NVD",
        "id": "CVE-2022-2143"
      },
      {
        "date": "2023-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech Co., Ltd. \u00a0iView\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013711"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2735"
      }
    ],
    "trust": 0.6
  }
}

var-202008-0373
Vulnerability from variot

Advantech iView, versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. iView is SNMP-based device management software provided by Advantech. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportTaskMgrReport method of the DeviceTreeTable class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. The vulnerability stems from the failure of Advantech iView to properly filter resources or special elements in file paths. This record's patch entries point to CISA advisory ICSA-20-238-01 and to the vendor's iView Upgrade 5.7.02.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0373",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 6.3,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "upgrade 5.7.02"
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "\u003c=5.7"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "KPC",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      }
    ],
    "trust": 6.3
  },
  "cve": "CVE-2020-16245",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2020-49617",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-169304",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-16245",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 4.2,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-16245",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007819",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-16245",
            "impactScore": 5.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2020-16245",
            "trust": 4.9,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-16245",
            "trust": 1.4,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-16245",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-007819",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-49617",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-1197",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-169304",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. iView Is Advantech Provided by the company SNMP Base device management software. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the exportTaskMgrReport method of the DeviceTreeTable class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView is an equipment management application for the energy, water and wastewater industries. The vulnerability stems from the failure of Advantech iView to properly filter resources or special elements in file paths",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169304"
      }
    ],
    "trust": 7.92
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-16245",
        "trust": 9.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-238-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1084",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU93037867",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10976",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10989",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10988",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10991",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10993",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10990",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10992",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10995",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10994",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2915",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48440",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-169304",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ]
  },
  "id": "VAR-202008-0373",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169304"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:12:52.119000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 6.3,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01"
      },
      {
        "title": "iView Upgrade 5.7.02",
        "trust": 0.8,
        "url": "https://www.advantech.tw/support/details/faq?id=1-hipu-181"
      },
      {
        "title": "Patch for Advantech iView path traversal vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/232402"
      },
      {
        "title": "Advantech iView Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126842"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 9.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1084/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1085/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1086/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1087/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1088/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1089/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1090/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1091/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1092/"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16245"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16245"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93037867/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2915/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48440"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "date": "2020-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-169304"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "date": "2020-08-25T19:15:12.563000",
        "db": "NVD",
        "id": "CVE-2020-16245"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1084"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1086"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1085"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1088"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1090"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1087"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1089"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1092"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1091"
      },
      {
        "date": "2020-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "date": "2020-08-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-169304"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007819"
      },
      {
        "date": "2020-08-31T17:30:24.297000",
        "db": "NVD",
        "id": "CVE-2020-16245"
      },
      {
        "date": "2020-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView path traversal vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1197"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0401
Vulnerability from variot

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView is vulnerable to path traversal. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech iView is a device management application provided by Advantech.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0401",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 2.8,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "\u003c=5.6"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      }
    ],
    "trust": 2.8
  },
  "cve": "CVE-2020-14507",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008395",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-54158",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-167392",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14507",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14507",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008395",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2020-14507",
            "trust": 1.4,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-14507",
            "trust": 1.4,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-14507",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008395",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-54158",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-965",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-167392",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView is vulnerable to path traversal. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech iView is a device management application provided by Advantech.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167392"
      }
    ],
    "trust": 4.77
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14507",
        "trust": 5.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-829",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95694616",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10636",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10622",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10623",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10630",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "47232",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2382",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-167392",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ]
  },
  "id": "VAR-202007-0401",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167392"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:55:56.851000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 2.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp/"
      },
      {
        "title": "Patch for Advantech iView path traversal vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/235642"
      },
      {
        "title": "Advantech iView Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124491"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
      },
      {
        "trust": 2.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "trust": 2.3,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-841/"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14507"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-829/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-840/"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-847/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14507"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95694616/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47232"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "date": "2020-09-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167392"
      },
      {
        "date": "2020-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "date": "2020-07-15T02:15:12.703000",
        "db": "NVD",
        "id": "CVE-2020-14507"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-829"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-840"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-841"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-847"
      },
      {
        "date": "2020-09-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "date": "2020-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167392"
      },
      {
        "date": "2020-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008395"
      },
      {
        "date": "2020-07-21T20:28:36.477000",
        "db": "NVD",
        "id": "CVE-2020-14507"
      },
      {
        "date": "2020-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView path traversal vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-54158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-965"
      }
    ],
    "trust": 0.6
  }
}

var-202206-2045
Vulnerability from variot

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView contains an SQL injection vulnerability. Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the ipaddress element of the updatePROMFile action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView

Note: this text combines the descriptions published by the entry's listed sources (NVD, JVNDB and several ZDI advisories), which is why the stated impact ranges from information disclosure to file creation and code execution. The record lists iView versions before 5.7.04.6469 as affected.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2045",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 4.9,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.7.04.6469"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.04.6469",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      }
    ],
    "trust": 2.8
  },
  "cve": "CVE-2022-2136",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-2136",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.8,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-2136",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.1,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-2136",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2022-2136",
            "trust": 2.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-2136",
            "trust": 2.1,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-2136",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-2136",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2714",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Advantech Co., Ltd. iView for, SQL There is an injection vulnerability.Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the ipaddress element of the updatePROMFile action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2136"
      }
    ],
    "trust": 6.21
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2136",
        "trust": 8.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-179-03",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU97814223",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16772",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-925",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16771",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16775",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16752",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16744",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16748",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16773",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062918",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3141",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2714",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426270",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2136",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ]
  },
  "id": "VAR-202206-2045",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426270"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:15:33.391000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 4.9,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 7.5,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97814223/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2136"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-2136/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062918"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426270"
      },
      {
        "date": "2023-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "date": "2022-07-22T15:15:08.180000",
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "date": "2022-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-925"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-924"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-923"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-922"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-921"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-920"
      },
      {
        "date": "2022-07-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-937"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426270"
      },
      {
        "date": "2023-09-11T08:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      },
      {
        "date": "2022-07-28T20:10:32.447000",
        "db": "NVD",
        "id": "CVE-2022-2136"
      },
      {
        "date": "2022-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech Co., Ltd. \u00a0iView\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013716"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2714"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0398
Vulnerability from variot

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. Advantech iView contains a vulnerability caused by a lack of authentication for critical features. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech. Advantech iView is software of China Advantech Company, based on the Simple Network Management Protocol (SNMP), used to manage B+B SmartWorx equipment.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0398",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "\u003c=5.6"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-14501",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008661",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-43173",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-167386",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008661",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14501",
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-14501",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008661",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-14501",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-43173",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-955",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-167386",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. Advantech iView There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the UserServlet class. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech. Advantech Iview is a software based on Simple Network Protocol (SNMP) of China Advantech Company to manage B+B SmartWorx equipment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167386"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14501",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-859",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95694616",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10699",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47223",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2382",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-167386",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ]
  },
  "id": "VAR-202007-0398",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167386"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:55:56.786000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "title": "Patch for Advantech iView access control error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/227261"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14501"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-859/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14501"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95694616/"
      },
      {
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47223"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14501"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167386"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "date": "2020-07-15T03:15:50.607000",
        "db": "NVD",
        "id": "CVE-2020-14501"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-859"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167386"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008661"
      },
      {
        "date": "2020-07-22T15:08:12.010000",
        "db": "NVD",
        "id": "CVE-2020-14501"
      },
      {
        "date": "2020-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView access control error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-43173"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-955"
      }
    ],
    "trust": 0.6
  }
}

var-202007-0395
Vulnerability from variot

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities caused by the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView contains an SQL injection vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0395",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": null,
        "trust": 11.2,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "5.6"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      }
    ],
    "trust": 11.2
  },
  "cve": "CVE-2020-14497",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-14497",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-167381",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14497",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 5.6,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14497",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 5.6,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-14497",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2020-14497",
            "trust": 5.6,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-14497",
            "trust": 5.6,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-14497",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-167381",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167381"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities caused by the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. An SQL injection vulnerability exists in Advantech iView. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167381"
      }
    ],
    "trust": 11.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14497",
        "trust": 13.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-01",
        "trust": 1.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-860",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-844",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-864",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-847",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-863",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-837",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-855",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-866",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-842",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-857",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-854",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-832",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-835",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-845",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-856",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-833",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-852",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-836",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-827",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-865",
        "trust": 1.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-853",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95694616",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10700",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10631",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10716",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10703",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10626",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10707",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10635",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10629",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10637",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10702",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10658",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10661",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10673",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10659",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10621",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10660",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-968",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-167381",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167381"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "id": "VAR-202007-0395",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167381"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:33:57.481000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 11.2,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167381"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 11.2,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "trust": 1.9,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-827/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-828/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-830/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-832/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-833/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-835/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-836/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-837/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-838/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-839/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-842/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-843/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-844/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-845/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-846/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-847/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-848/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-849/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-850/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-851/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-852/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-853/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-854/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-855/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-856/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-857/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-858/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-860/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-861/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-862/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-863/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-864/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-865/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-866/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-868/"
      },
      {
        "trust": 1.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-869/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95694616/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14497"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167381"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167381"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167381"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "date": "2020-07-15T02:15:12.547000",
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-860"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-869"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-862"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-843"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-868"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-828"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-846"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-830"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-861"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-838"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-851"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-858"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-849"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-839"
      },
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-850"
      },
      {
        "date": "2020-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167381"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008131"
      },
      {
        "date": "2020-07-21T20:34:07.950000",
        "db": "NVD",
        "id": "CVE-2020-14497"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-848"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-830"
      }
    ],
    "trust": 1.4
  }
}

var-202007-0399
Vulnerability from variot

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. The product may also be put into a denial-of-service (DoS) state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of user-supplied data prior to further processing. Advantech iView is a device management application provided by Advantech.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advantech",
        "version": "5.6"
      },
      {
        "model": "iview",
        "scope": null,
        "trust": 0.7,
        "vendor": "advantech",
        "version": null
      },
      {
        "model": "iview",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "advantech",
        "version": "\u003c=5.6"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-14503",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007697",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-54157",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-167388",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007697",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-14503",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-14503",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-007697",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-14503",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-54157",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-958",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-167388",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. The product may also be put into a denial-of-service (DoS) state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of user-supplied data prior to further processing. Advantech iView is a device management application provided by Advantech.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167388"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14503",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-01",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-834",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95694616",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10646",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "47219",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2382",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-167388",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ]
  },
  "id": "VAR-202007-0399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167388"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:56:00.248000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.advantech.co.jp/"
      },
      {
        "title": "Advantech has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "title": "Patch for Advantech iView input verification vulnerability (CVE-2020-14503)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/235648"
      },
      {
        "title": "Advantech iView Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124488"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-167388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14503"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-834/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14503"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95694616/"
      },
      {
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47219"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2382/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "db": "VULHUB",
        "id": "VHN-167388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14503"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "date": "2020-09-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167388"
      },
      {
        "date": "2020-08-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "date": "2020-07-15T03:15:50.687000",
        "db": "NVD",
        "id": "CVE-2020-14503"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-834"
      },
      {
        "date": "2020-09-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-54157"
      },
      {
        "date": "2020-07-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-167388"
      },
      {
        "date": "2020-08-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      },
      {
        "date": "2020-07-23T19:26:29.337000",
        "db": "NVD",
        "id": "CVE-2020-14503"
      },
      {
        "date": "2020-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input verification vulnerability in Advantech iView",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007697"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-958"
      }
    ],
    "trust": 0.6
  }
}

cve-2020-14497
Vulnerability from cvelistv5
Published
2020-07-15 01:50
Modified
2024-08-04 12:46
Severity ?
Summary
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
References
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-847/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-827/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-868/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-852/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-862/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-860/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-846/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-844/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-845/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-855/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-857/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-854/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-864/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-849/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-832/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-835/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-848/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-838/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-850/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-856/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-866/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-842/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-837/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-865/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-851/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-828/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-853/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-843/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-839/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-858/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-830/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-861/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-863/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-869/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-833/ x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-836/ x_refsource_MISC
Impacted products
n/aAdvantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.6 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T17:06:49",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14497",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.6 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14497",
    "datePublished": "2020-07-15T01:50:54",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2135
Vulnerability from cvelistv5
Published
2022-07-22 14:58
Modified
2024-09-16 23:42
Summary
Advantech iView
References
Impacted products
Vendor: Advantech iView; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "Advantech iView",
          "versions": [
            {
              "lessThan": "5_7_04_6469",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
        }
      ],
      "datePublic": "2022-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T14:58:45",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-22-179-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech iView",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-28T17:00:00.000Z",
          "ID": "CVE-2022-2135",
          "STATE": "PUBLIC",
          "TITLE": "Advantech iView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "5_7_04_6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Advantech iView"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "ICSA-22-179-03",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2135",
    "datePublished": "2022-07-22T14:58:45.454785Z",
    "dateReserved": "2022-06-20T00:00:00",
    "dateUpdated": "2024-09-16T23:42:01.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52335
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Summary
Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability
Impacted products
Vendor: Advantech; Product: iView


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "iView",
          "vendor": "Advantech",
          "versions": [
            {
              "status": "affected",
              "version": "5.7.04"
            }
          ]
        }
      ],
      "dateAssigned": "2024-01-11T14:42:51.906-06:00",
      "datePublic": "2024-06-12T09:10:09.423-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T20:05:15.175Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-610",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-610/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-52335",
    "datePublished": "2024-11-22T20:05:15.175Z",
    "dateReserved": "2024-01-11T20:39:58.816Z",
    "dateUpdated": "2024-11-22T20:05:15.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2138
Vulnerability from cvelistv5
Published
2022-07-22 14:58
Modified
2024-09-17 00:46
Summary
Advantech iView
References
Impacted products
Vendor: Advantech iView; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "Advantech iView",
          "versions": [
            {
              "lessThan": "5_7_04_6469",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
        }
      ],
      "datePublic": "2022-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T14:58:18",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-22-179-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech iView",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-28T17:00:00.000Z",
          "ID": "CVE-2022-2138",
          "STATE": "PUBLIC",
          "TITLE": "Advantech iView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "5_7_04_6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Advantech iView"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306 Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "ICSA-22-179-03",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2138",
    "datePublished": "2022-07-22T14:58:18.441240Z",
    "dateReserved": "2022-06-20T00:00:00",
    "dateUpdated": "2024-09-17T00:46:11.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14503
Vulnerability from cvelistv5
Published
2020-07-15 02:15
Modified
2024-08-04 12:46
Severity ?
Summary
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.6 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "IMPROPER INPUT VALIDATION CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-20T19:06:15",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.6 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER INPUT VALIDATION CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-834/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14503",
    "datePublished": "2020-07-15T02:15:13",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22656
Vulnerability from cvelistv5
Published
2021-02-11 16:06
Modified
2024-08-03 18:51
Severity ?
Summary
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:05.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "iView versions prior to v5.7.03.6112"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T17:06:06",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-22656",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "iView versions prior to v5.7.03.6112"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-189/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-22656",
    "datePublished": "2021-02-11T16:06:31",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:51:05.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2143
Vulnerability from cvelistv5
Published
2022-07-22 14:59
Modified
2024-09-16 19:36
Severity ?
Summary
Advantech iView
Impacted products
Vendor: Advantech iView; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "Advantech iView",
          "versions": [
            {
              "lessThan": "5_7_04_6469",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
        }
      ],
      "datePublic": "2022-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T18:06:17",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-22-179-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech iView",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-28T17:00:00.000Z",
          "ID": "CVE-2022-2143",
          "STATE": "PUBLIC",
          "TITLE": "Advantech iView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "5_7_04_6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Advantech iView"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
            },
            {
              "name": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "ICSA-22-179-03",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2143",
    "datePublished": "2022-07-22T14:59:13.360646Z",
    "dateReserved": "2022-06-20T00:00:00",
    "dateUpdated": "2024-09-16T19:36:30.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2139
Vulnerability from cvelistv5
Published
2022-07-22 14:58
Modified
2024-09-17 03:53
Summary
Advantech iView
References
Impacted products
Vendor: Advantech iView; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "Advantech iView",
          "versions": [
            {
              "lessThan": "5_7_04_6469",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
        }
      ],
      "datePublic": "2022-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T14:58:03",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-22-179-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech iView",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-28T17:00:00.000Z",
          "ID": "CVE-2022-2139",
          "STATE": "PUBLIC",
          "TITLE": "Advantech iView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "5_7_04_6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Advantech iView"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-23 Relative Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "ICSA-22-179-03",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2139",
    "datePublished": "2022-07-22T14:58:03.033445Z",
    "dateReserved": "2022-06-20T00:00:00",
    "dateUpdated": "2024-09-17T03:53:35.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14505
Vulnerability from cvelistv5
Published
2020-07-15 01:59
Modified
2024-08-04 12:46
Severity ?
Summary
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.6 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T17:06:33",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14505",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.6 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (\u201ccommand injection\u201d) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14505",
    "datePublished": "2020-07-15T01:59:33",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32930
Vulnerability from cvelistv5
Published
2021-06-11 16:25
Modified
2024-08-03 23:33
Severity ?
Summary
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).
References
Impacted products
Vendor: n/a; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:56.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to v5.7.03.6182"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T16:25:36",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-32930",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions prior to v5.7.03.6182"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-32930",
    "datePublished": "2021-06-11T16:25:36",
    "dateReserved": "2021-05-13T00:00:00",
    "dateUpdated": "2024-08-03T23:33:56.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2142
Vulnerability from cvelistv5
Published
2022-07-22 14:59
Modified
2024-09-16 17:14
Summary
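Advantech iView: the affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. The record's CVSS 3.1 vector (base score 8.1, HIGH) rates confidentiality, integrity and availability impact all HIGH, although the description mentions only information disclosure. Advantech recommends updating firmware to Version 5_7_4_6469.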
References
Impacted products
Vendor: Advantech iView; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "Advantech iView",
          "versions": [
            {
              "lessThan": "5_7_04_6469",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
        }
      ],
      "datePublic": "2022-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T14:59:30",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-22-179-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech iView",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-28T17:00:00.000Z",
          "ID": "CVE-2022-2142",
          "STATE": "PUBLIC",
          "TITLE": "Advantech iView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "5_7_04_6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Advantech iView"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "ICSA-22-179-03",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2142",
    "datePublished": "2022-07-22T14:59:30.208432Z",
    "dateReserved": "2022-06-20T00:00:00",
    "dateUpdated": "2024-09-16T17:14:59.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2137
Vulnerability from cvelistv5
Published
2022-07-22 14:57
Modified
2024-09-17 00:30
Summary
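Advantech iView: the affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. The record's CVSS 3.1 base score is 4.9 (MEDIUM), with privileges required HIGH and only confidentiality impact rated HIGH. Advantech recommends updating firmware to Version 5_7_4_6469.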
References
Impacted products
Vendor: Advantech iView; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "Advantech iView",
          "versions": [
            {
              "lessThan": "5_7_04_6469",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
        }
      ],
      "datePublic": "2022-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T14:57:57",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-22-179-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech iView",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-28T17:00:00.000Z",
          "ID": "CVE-2022-2137",
          "STATE": "PUBLIC",
          "TITLE": "Advantech iView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "5_7_04_6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Advantech iView"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "ICSA-22-179-03",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2137",
    "datePublished": "2022-07-22T14:57:57.232721Z",
    "dateReserved": "2022-06-20T00:00:00",
    "dateUpdated": "2024-09-17T00:30:56.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14501
Vulnerability from cvelistv5
Published
2020-07-15 02:19
Modified
2024-08-04 12:46
Severity ?
Summary
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.6 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T17:06:15",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.6 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14501",
    "datePublished": "2020-07-15T02:19:48",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3983
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 15:33
Severity ?
Summary
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2023-24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T15:32:37.120433Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T15:33:26.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to v5.7.4 build 6752"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-31T00:00:00",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/research/tra-2023-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2023-3983",
    "datePublished": "2023-07-31T00:00:00",
    "dateReserved": "2023-07-27T00:00:00",
    "dateUpdated": "2024-10-22T15:33:26.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22658
Vulnerability from cvelistv5
Published
2021-02-11 16:06
Modified
2024-08-03 18:51
Severity ?
Summary
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:06.001Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "iView versions prior to v5.7.03.6112"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T17:06:06",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-22658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "iView versions prior to v5.7.03.6112"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to \u0027Administrator\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-191/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-22658",
    "datePublished": "2021-02-11T16:06:25",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:51:06.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32932
Vulnerability from cvelistv5
Published
2021-06-11 16:24
Modified
2024-08-03 23:33
Severity ?
Summary
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).
References
Impacted products
Vendor: n/a; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to v5.7.03.6182"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "IMPROPER NUETRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T16:24:18",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-32932",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions prior to v5.7.03.6182"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER NUETRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-32932",
    "datePublished": "2021-06-11T16:24:18",
    "dateReserved": "2021-05-13T00:00:00",
    "dateUpdated": "2024-08-03T23:33:55.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2136
Vulnerability from cvelistv5
Published
2022-07-22 14:58
Modified
2024-09-16 23:40
Summary
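Advantech iView. The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.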
References
Impacted products
Vendor: Advantech iView; Product: iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iView",
          "vendor": "Advantech iView",
          "versions": [
            {
              "lessThan": "5_7_04_6469",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
        }
      ],
      "datePublic": "2022-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T14:58:55",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-22-179-03",
        "discovery": "EXTERNAL"
      },
      "title": "Advantech iView",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-28T17:00:00.000Z",
          "ID": "CVE-2022-2136",
          "STATE": "PUBLIC",
          "TITLE": "Advantech iView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iView",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "5_7_04_6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Advantech iView"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "rgod, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Advantech recommends updating firmware to Version 5_7_4_6469 to address these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "ICSA-22-179-03",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2136",
    "datePublished": "2022-07-22T14:58:55.154822Z",
    "dateReserved": "2022-06-20T00:00:00",
    "dateUpdated": "2024-09-16T23:40:35.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-16245
Vulnerability from cvelistv5
Published
2020-08-25 18:03
Modified
2024-08-04 13:37
Severity ?
Summary
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:54.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.7 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-27T15:06:35",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-16245",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.7 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1085/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1089/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1092/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1086/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1091/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1087/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1088/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1090/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1084/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-16245",
    "datePublished": "2020-08-25T18:03:49",
    "dateReserved": "2020-07-31T00:00:00",
    "dateUpdated": "2024-08-04T13:37:54.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22652
Vulnerability from cvelistv5
Published
2021-02-11 16:06
Modified
2024-08-03 18:51
Severity ?
Summary
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:06.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "iView versions prior to v5.7.03.6112"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-23T18:06:13",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-22652",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "iView versions prior to v5.7.03.6112"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
            },
            {
              "name": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-22652",
    "datePublished": "2021-02-11T16:06:38",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:51:06.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3323
Vulnerability from cvelistv5
Published
2022-09-27 13:51
Modified
2024-08-03 01:07
Severity ?
Summary
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
References
Impacted products
Vendor: n/a; Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:07:06.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2022-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Advantech iView 5.7.04.6469"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-27T13:51:02",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2022-32"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2022-3323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Advantech iView 5.7.04.6469"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2022-32",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2022-32"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2022-3323",
    "datePublished": "2022-09-27T13:51:02",
    "dateReserved": "2022-09-26T00:00:00",
    "dateUpdated": "2024-08-03T01:07:06.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22654
Vulnerability from cvelistv5
Published
2021-02-11 16:06
Modified
2024-08-03 18:51
Severity ?
Summary
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
Impacted products
Vendor: n/a | Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:05.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "iView versions prior to v5.7.03.6112"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T17:06:08",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-22654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "iView versions prior to v5.7.03.6112"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-190/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-188/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-22654",
    "datePublished": "2021-02-11T16:06:18",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:51:05.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14499
Vulnerability from cvelistv5
Published
2020-07-15 02:11
Modified
2024-08-04 12:46
Severity ?
Summary
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
Impacted products
Vendor: n/a | Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.6 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "IMPROPER ACCESS CONTROL CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T17:06:10",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.6 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER ACCESS CONTROL CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14499",
    "datePublished": "2020-07-15T02:11:10",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14507
Vulnerability from cvelistv5
Published
2020-07-15 01:48
Modified
2024-08-04 12:46
Severity ?
Summary
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
Impacted products
Vendor: n/a | Product: Advantech iView


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Advantech iView",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.6 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-20T19:06:14",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advantech iView",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.6 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14507",
    "datePublished": "2020-07-15T01:48:12",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}