Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ICSA-25-191-08
Vulnerability from csaf_cisa - Published: 2025-07-10 06:00 - Updated: 2025-07-10 06:00Summary
Advantech iView
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, achieve remote code execution, or cause service disruptions.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Taiwan
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
Do not click web links or open attachments in unsolicited email messages.
Recommended Practices
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
{
"document": {
"acknowledgments": [
{
"names": [
"Alex Williams"
],
"organization": "Converge Technology Solutions",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, achieve remote code execution, or cause service disruptions. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Taiwan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-191-08 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-191-08.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-191-08 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Advantech iView",
"tracking": {
"current_release_date": "2025-07-10T06:00:00.000000Z",
"generator": {
"date": "2025-07-10T16:44:14.786698Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-191-08",
"initial_release_date": "2025-07-10T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-07-10T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.7.05_build_7057",
"product": {
"name": "Advantech iView: \u003c5.7.05_build_7057",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "iView"
}
],
"category": "vendor",
"name": "Advantech"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53397",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user\u0027s browser, potentially leading to information disclosure or other malicious activities.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53397"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-53519",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user\u0027s browser, potentially leading to information disclosure or other malicious activities.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53519"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-41442",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user\u0027s browser, potentially leading to information disclosure or other malicious activities.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41442"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-48891",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure or a denial-of-service condition.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48891"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-46704",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary files on the server. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46704"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-53475",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the \u0027nt authority\\local service\u0027 account.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53475"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-52577",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the \u0027nt authority\\local service\u0027 account.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52577"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-53515",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the \u0027nt authority\\local service\u0027 account. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53515"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-52459",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52459"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-53509",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53509"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Advantech recommends users update to v5.7.05 build 7057.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость функции CUtils.checkSQLInjection() системы централизованного управления сетевыми устройствами и портами Advantech iView, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Description
Уязвимость функции CUtils.checkSQLInjection() системы централизованного управления сетевыми устройствами и портами Advantech iView связана с непринятием мер по защите структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-89
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08971",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-48891, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CUtils.checkSQLInjection() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 SQL\\\") (CWE-89)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CUtils.checkSQLInjection() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость функции NetworkServlet.archiveTrapRange() системы централизованного управления сетевыми устройствами и портами Advantech iView, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции NetworkServlet.archiveTrapRange() системы централизованного управления сетевыми устройствами и портами Advantech iView связана с непринятием мер по защите структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-89
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08967",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-52577, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.archiveTrapRange() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 SQL\\\") (CWE-89)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.archiveTrapRange() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,7)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость функции NetworkServlet.archiveTrap() системы централизованного управления сетевыми устройствами и портами Advantech iView, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции NetworkServlet.archiveTrap() системы централизованного управления сетевыми устройствами и портами Advantech iView связана с непринятием мер по защите структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://vulners.com/cve/CVE-2025-53515
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-89
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08965",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-53515, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.archiveTrap() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 SQL\\\") (CWE-89)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.archiveTrap() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://vulners.com/cve/CVE-2025-53515\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,7)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость системы централизованного управления сетевыми устройствами и портами Advantech iView, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
Description
Уязвимость системы централизованного управления сетевыми устройствами и портами Advantech iView связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, провести атаку межсайтового скриптинга (XSS)
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08969",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-53397, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,1)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость функции NetworkServlet.getNextTrapPage() системы централизованного управления сетевыми устройствами и портами Advantech iView, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции NetworkServlet.getNextTrapPage() системы централизованного управления сетевыми устройствами и портами Advantech iView связана с непринятием мер по защите структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-89
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08968",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-53475, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.getNextTrapPage() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 SQL\\\") (CWE-89)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.getNextTrapPage() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,7)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость системы централизованного управления сетевыми устройствами и портами Advantech iView, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
Description
Уязвимость системы централизованного управления сетевыми устройствами и портами Advantech iView связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, провести атаку межсайтового скриптинга (XSS)
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08972",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-41442, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,1)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость функции NetworkServlet.processImportRequest() системы централизованного управления сетевыми устройствами и портами Advantech iView, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость функции NetworkServlet.processImportRequest() системы централизованного управления сетевыми устройствами и портами Advantech iView связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-22
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08970",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-46704, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.processImportRequest() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.processImportRequest() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость функции NetworkServlet.backupDatabase() системы централизованного управления сетевыми устройствами и портами Advantech iView, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость функции NetworkServlet.backupDatabase() системы централизованного управления сетевыми устройствами и портами Advantech iView связана с внедрением или модификацией аргументов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-88
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08964",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-52459, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.backupDatabase() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 (CWE-88)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.backupDatabase() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0438\u043b\u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-88",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость системы централизованного управления сетевыми устройствами и портами Advantech iView, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
Description
Уязвимость системы централизованного управления сетевыми устройствами и портами Advantech iView связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, провести атаку межсайтового скриптинга (XSS)
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08963",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-53519, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,1)"
}
ICSA-25-191-08
Vulnerability from fstec - Published: 13.06.2025
VLAI Severity ?
Title
Уязвимость функции NetworkServlet.restoreDatabase() системы централизованного управления сетевыми устройствами и портами Advantech iView, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость функции NetworkServlet.restoreDatabase() системы централизованного управления сетевыми устройствами и портами Advantech iView связана с внедрением или модификацией аргументов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity ?
Vendor
Advantech Co., Ltd
Software Name
Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver
Software Version
до 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)
Possible Mitigations
Использование рекомендаций:
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
CWE
CWE-88
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Advantech Co., Ltd",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.7.05 build 7057 (Advantech iView), - (IMC-574I-FVM-A), - (IMC-574I-FVR-A), - (IMC-574I-SFP), - (IMC-574I-SFP-A), - (IMC-574I-SFP-PS), - (IMC-574I-SFP-PS-A), - (IMC-721I-E1MUX), - (IMC-721I-MM), - (IMC-721I-MMST), - (IMC-721I-SE), - (IMC-721I-SEST), - (IMC-721I-SFP), - (IMC-721I-SL), - (IMC-721I-SSER), - (IMC-721I-SSR), - (IMC-721I-SST), - (IMC-721I-T1MUX), - (IMC-723-SE), - (IMC-723-SSER), - (IMC-723-SSET), - (IMC-723-SSR), - (IMC-723-SST), - (IMC-750-SE), - (IMC-750-SEST), - (IMC-750-SSER), - (IMC-750-SSET), - (IMC-750-SSLR), - (IMC-750-SSLT), - (IMC-750-SSR), - (IMC-750-SST), - (IMC-750I-SFP), - (IMC-751-M8), - (IMC-751-M8ST), - (IMC-762-SSET), - (IMC-762-SSR), - (IMC-762-SST), - (IMC-770-MM), - (IMC-770-SFP), - (IMC-770-SM), - (IMC-770-SSER), - (IMC-770-SSR), - (IMC-770-SST), - (IMC-770I-2SFP), - (IMC-771-MM), - (IMC-771-SE), - (IMC-771-SM), - (IMC-771-SS4R), - (IMC-771-SS4T), - (IMC-771-SSER), - (IMC-771-SSET), - (IMC-771-SSR), - (IMC-771-SST), - (IMC-771-SXL), - (IMC-771I-2SFP), - (IMC-771I-SFP), - (IMC-782-SFP), - (IMC-782-SSR), - (IMC-782-SST), - (IMC-784I-SFP), - (IMC-790-2SFP), - (IMC-790-2XFP), - (SE305-T), - (SE308-T), - (SE316-T), - (SEC310-2SFP-T), - (SEC318-2SFP-T), - (SEG305-T), - (SEG308-T), - (SEG316-T), - (iView Webserver)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08966",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-53509, ICSA-25-191-08",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Advantech iView, IMC-574I-FVM-A, IMC-574I-FVR-A, IMC-574I-SFP, IMC-574I-SFP-A, IMC-574I-SFP-PS, IMC-574I-SFP-PS-A, IMC-721I-E1MUX, IMC-721I-MM, IMC-721I-MMST, IMC-721I-SE, IMC-721I-SEST, IMC-721I-SFP, IMC-721I-SL, IMC-721I-SSER, IMC-721I-SSR, IMC-721I-SST, IMC-721I-T1MUX, IMC-723-SE, IMC-723-SSER, IMC-723-SSET, IMC-723-SSR, IMC-723-SST, IMC-750-SE, IMC-750-SEST, IMC-750-SSER, IMC-750-SSET, IMC-750-SSLR, IMC-750-SSLT, IMC-750-SSR, IMC-750-SST, IMC-750I-SFP, IMC-751-M8, IMC-751-M8ST, IMC-762-SSET, IMC-762-SSR, IMC-762-SST, IMC-770-MM, IMC-770-SFP, IMC-770-SM, IMC-770-SSER, IMC-770-SSR, IMC-770-SST, IMC-770I-2SFP, IMC-771-MM, IMC-771-SE, IMC-771-SM, IMC-771-SS4R, IMC-771-SS4T, IMC-771-SSER, IMC-771-SSET, IMC-771-SSR, IMC-771-SST, IMC-771-SXL, IMC-771I-2SFP, IMC-771I-SFP, IMC-782-SFP, IMC-782-SSR, IMC-782-SST, IMC-784I-SFP, IMC-790-2SFP, IMC-790-2XFP, SE305-T, SE308-T, SE316-T, SEC310-2SFP-T, SEC318-2SFP-T, SEG305-T, SEG308-T, SEG316-T, iView Webserver",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.restoreDatabase() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 (CWE-88)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NetworkServlet.restoreDatabase() \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Advantech iView \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0438\u043b\u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-88",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
CVE-2025-52577 (GCVE-0-2025-52577)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:24 – Updated: 2025-07-11 13:39
VLAI?
EPSS
Title
Advantech iView SQL Injection
Summary
A vulnerability exists in Advantech iView that could allow SQL injection
and remote code execution through NetworkServlet.archiveTrapRange().
This issue requires an authenticated attacker with at least user-level
privileges. Certain input parameters are not properly sanitized,
allowing an attacker to perform SQL injection and potentially execute
code in the context of the 'nt authority\local service' account.
Severity ?
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:38:17.239954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:39:11.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView that could allow SQL injection\n and remote code execution through NetworkServlet.archiveTrapRange(). \nThis issue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not properly sanitized, \nallowing an attacker to perform SQL injection and potentially execute \ncode in the context of the \u0027nt authority\\local service\u0027 account."
}
],
"value": "A vulnerability exists in Advantech iView that could allow SQL injection\n and remote code execution through NetworkServlet.archiveTrapRange(). \nThis issue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not properly sanitized, \nallowing an attacker to perform SQL injection and potentially execute \ncode in the context of the \u0027nt authority\\local service\u0027 account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:24:42.965Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-52577",
"datePublished": "2025-07-10T23:24:42.965Z",
"dateReserved": "2025-07-02T15:12:58.630Z",
"dateUpdated": "2025-07-11T13:39:11.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53509 (GCVE-0-2025-53509)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:29 – Updated: 2025-07-11 13:29
VLAI?
EPSS
Title
Advantech iView Argument Injection
Summary
A vulnerability exists in Advantech iView that allows for argument
injection in the NetworkServlet.restoreDatabase(). This issue requires
an authenticated attacker with at least user-level privileges. An input
parameter can be used directly in a command without proper sanitization,
allowing arbitrary arguments to be injected. This can result in
information disclosure, including sensitive database credentials.
Severity ?
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:29:30.324999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:29:37.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in the NetworkServlet.restoreDatabase(). This issue requires \nan authenticated attacker with at least user-level privileges. An input \nparameter can be used directly in a command without proper sanitization,\n allowing arbitrary arguments to be injected. This can result in \ninformation disclosure, including sensitive database credentials."
}
],
"value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in the NetworkServlet.restoreDatabase(). This issue requires \nan authenticated attacker with at least user-level privileges. An input \nparameter can be used directly in a command without proper sanitization,\n allowing arbitrary arguments to be injected. This can result in \ninformation disclosure, including sensitive database credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:29:10.103Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53509",
"datePublished": "2025-07-10T23:29:10.103Z",
"dateReserved": "2025-07-02T15:12:58.651Z",
"dateUpdated": "2025-07-11T13:29:37.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46704 (GCVE-0-2025-46704)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:19 – Updated: 2025-07-11 13:40
VLAI?
EPSS
Title
Advantech iView Path Traversal
Summary
A vulnerability exists in Advantech iView in
NetworkServlet.processImportRequest() that could allow for a directory
traversal attack. This issue requires an authenticated attacker with at
least user-level privileges. A specific parameter is not properly
sanitized or normalized, potentially allowing an attacker to determine
the existence of arbitrary files on the server.
Severity ?
4.3 (Medium)
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:38:39.368395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:40:07.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView in \nNetworkServlet.processImportRequest() that could allow for a directory \ntraversal attack. This issue requires an authenticated attacker with at \nleast user-level privileges. A specific parameter is not properly \nsanitized or normalized, potentially allowing an attacker to determine \nthe existence of arbitrary files on the server."
}
],
"value": "A vulnerability exists in Advantech iView in \nNetworkServlet.processImportRequest() that could allow for a directory \ntraversal attack. This issue requires an authenticated attacker with at \nleast user-level privileges. A specific parameter is not properly \nsanitized or normalized, potentially allowing an attacker to determine \nthe existence of arbitrary files on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:19:32.390Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-46704",
"datePublished": "2025-07-10T23:19:32.390Z",
"dateReserved": "2025-07-02T15:12:58.615Z",
"dateUpdated": "2025-07-11T13:40:07.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53475 (GCVE-0-2025-53475)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:23 – Updated: 2025-07-11 13:39
VLAI?
EPSS
Title
Advantech iView SQL Injection
Summary
A vulnerability exists in Advantech iView that could allow for SQL
injection and remote code execution through
NetworkServlet.getNextTrapPage(). This issue requires an authenticated
attacker with at least user-level privileges. Certain parameters in this
function are not properly sanitized, allowing an attacker to perform
SQL injection and potentially execute code in the context of the 'nt
authority\local service' account.
Severity ?
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:38:26.738460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:39:39.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection and remote code execution through \nNetworkServlet.getNextTrapPage(). This issue requires an authenticated \nattacker with at least user-level privileges. Certain parameters in this\n function are not properly sanitized, allowing an attacker to perform \nSQL injection and potentially execute code in the context of the \u0027nt \nauthority\\local service\u0027 account."
}
],
"value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection and remote code execution through \nNetworkServlet.getNextTrapPage(). This issue requires an authenticated \nattacker with at least user-level privileges. Certain parameters in this\n function are not properly sanitized, allowing an attacker to perform \nSQL injection and potentially execute code in the context of the \u0027nt \nauthority\\local service\u0027 account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:23:38.421Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53475",
"datePublished": "2025-07-10T23:23:38.421Z",
"dateReserved": "2025-07-02T15:12:58.621Z",
"dateUpdated": "2025-07-11T13:39:39.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41442 (GCVE-0-2025-41442)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:15 – Updated: 2025-07-11 17:50
VLAI?
EPSS
Title
Advantech iView Cross-site Scripting
Summary
A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating certain input parameters, an attacker could execute
unauthorized scripts in the user's browser, potentially leading to
information disclosure or other malicious activities.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T17:49:43.275598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:50:31.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities."
}
],
"value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:15:27.981Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-41442",
"datePublished": "2025-07-10T23:15:27.981Z",
"dateReserved": "2025-07-02T15:12:58.600Z",
"dateUpdated": "2025-07-11T17:50:31.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52459 (GCVE-0-2025-52459)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:28 – Updated: 2025-07-11 13:29
VLAI?
EPSS
Title
Advantech iView Argument Injection
Summary
A vulnerability exists in Advantech iView that allows for argument
injection in NetworkServlet.backupDatabase(). This issue requires an
authenticated attacker with at least user-level privileges. Certain
parameters can be used directly in a command without proper
sanitization, allowing arbitrary arguments to be injected. This can
result in information disclosure, including sensitive database
credentials.
Severity ?
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:29:50.282666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:29:56.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in NetworkServlet.backupDatabase(). This issue requires an \nauthenticated attacker with at least user-level privileges. Certain \nparameters can be used directly in a command without proper \nsanitization, allowing arbitrary arguments to be injected. This can \nresult in information disclosure, including sensitive database \ncredentials."
}
],
"value": "A vulnerability exists in Advantech iView that allows for argument \ninjection in NetworkServlet.backupDatabase(). This issue requires an \nauthenticated attacker with at least user-level privileges. Certain \nparameters can be used directly in a command without proper \nsanitization, allowing arbitrary arguments to be injected. This can \nresult in information disclosure, including sensitive database \ncredentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:28:08.679Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-52459",
"datePublished": "2025-07-10T23:28:08.679Z",
"dateReserved": "2025-07-02T15:12:58.643Z",
"dateUpdated": "2025-07-11T13:29:56.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53397 (GCVE-0-2025-53397)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:13 – Updated: 2025-07-11 13:58
VLAI?
EPSS
Title
Advantech iView Cross-site Scripting
Summary
A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By exploiting this flaw, an attacker could execute unauthorized scripts
in the user's browser, potentially leading to information disclosure or
other malicious activities.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:58:14.600623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:58:21.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy exploiting this flaw, an attacker could execute unauthorized scripts \nin the user\u0027s browser, potentially leading to information disclosure or \nother malicious activities."
}
],
"value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy exploiting this flaw, an attacker could execute unauthorized scripts \nin the user\u0027s browser, potentially leading to information disclosure or \nother malicious activities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:13:27.593Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53397",
"datePublished": "2025-07-10T23:13:27.593Z",
"dateReserved": "2025-07-02T15:12:58.579Z",
"dateUpdated": "2025-07-11T13:58:21.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53515 (GCVE-0-2025-53515)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:25 – Updated: 2025-07-11 13:57
VLAI?
EPSS
Title
Advantech iView SQL Injection
Summary
A vulnerability exists in Advantech iView that allows for SQL injection
and remote code execution through NetworkServlet.archiveTrap(). This
issue requires an authenticated attacker with at least user-level
privileges. Certain input parameters are not sanitized, allowing an
attacker to perform SQL injection and potentially execute code in the
context of the 'nt authority\local service' account.
Severity ?
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:57:29.867588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:57:41.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView that allows for SQL injection \nand remote code execution through NetworkServlet.archiveTrap(). This \nissue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not sanitized, allowing an \nattacker to perform SQL injection and potentially execute code in the \ncontext of the \u0027nt authority\\local service\u0027 account."
}
],
"value": "A vulnerability exists in Advantech iView that allows for SQL injection \nand remote code execution through NetworkServlet.archiveTrap(). This \nissue requires an authenticated attacker with at least user-level \nprivileges. Certain input parameters are not sanitized, allowing an \nattacker to perform SQL injection and potentially execute code in the \ncontext of the \u0027nt authority\\local service\u0027 account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:25:51.561Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53515",
"datePublished": "2025-07-10T23:25:51.561Z",
"dateReserved": "2025-07-02T15:12:58.638Z",
"dateUpdated": "2025-07-11T13:57:41.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48891 (GCVE-0-2025-48891)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:17 – Updated: 2025-07-11 13:42
VLAI?
EPSS
Title
Advantech iView SQL Injection
Summary
A vulnerability exists in Advantech iView that could allow for SQL
injection through the CUtils.checkSQLInjection() function. This
vulnerability can be exploited by an authenticated attacker with at
least user-level privileges, potentially leading to information
disclosure or a denial-of-service condition.
Severity ?
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:38:49.578799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:42:37.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection through the CUtils.checkSQLInjection() function. This \nvulnerability can be exploited by an authenticated attacker with at \nleast user-level privileges, potentially leading to information \ndisclosure or a denial-of-service condition."
}
],
"value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection through the CUtils.checkSQLInjection() function. This \nvulnerability can be exploited by an authenticated attacker with at \nleast user-level privileges, potentially leading to information \ndisclosure or a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:17:45.815Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-48891",
"datePublished": "2025-07-10T23:17:45.815Z",
"dateReserved": "2025-07-02T15:12:58.607Z",
"dateUpdated": "2025-07-11T13:42:37.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53519 (GCVE-0-2025-53519)
Vulnerability from cvelistv5 – Published: 2025-07-10 23:14 – Updated: 2025-07-11 17:50
VLAI?
EPSS
Title
Advantech iView Cross-site Scripting
Summary
A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating specific parameters, an attacker could execute
unauthorized scripts in the user's browser, potentially leading to
information disclosure or other malicious activities.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Credits
Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T17:49:52.229018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:50:07.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"lessThan": "5.7.05 build 7057",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating specific parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities."
}
],
"value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating specific parameters, an attacker could execute \nunauthorized scripts in the user\u0027s browser, potentially leading to \ninformation disclosure or other malicious activities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T23:14:37.185Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"
},
{
"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Advantech recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\"\u003ev5.7.05 build 7057\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."
}
],
"source": {
"advisory": "ICSA-25-191-08",
"discovery": "EXTERNAL"
},
"title": "Advantech iView Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53519",
"datePublished": "2025-07-10T23:14:37.185Z",
"dateReserved": "2025-07-02T15:12:58.594Z",
"dateUpdated": "2025-07-11T17:50:07.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…