CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3983
https://notcve.org/view.php?id=CVE-2023-3983
31 Jul 2023 — An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. • https://www.tenable.com/security/research/tra-2023-24 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2022-2139 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2139
30 Jun 2022 — The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. El producto afectado es vulnerable a un salto de directorio, que puede permitir a un atacante acceder a archivos no autorizados y ejecutar código arbitrario This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authenti... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-2135 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2135
30 Jun 2022 — The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. El producto afectado es vulnerable a múltiples inyecciones SQL que pueden permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-2136 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2136
30 Jun 2022 — The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. El producto afectado es vulnerable a múltiples inyecciones SQL que requieren privilegios bajos para su explotación y pueden permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to explo... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2137 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2137
30 Jun 2022 — The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information El producto afectado es vulnerable a dos inyecciones SQL que requieren altos privilegios para su explotación y pueden permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 1%CPEs: 1EXPL: 0CVE-2022-2138 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2138
30 Jun 2022 — The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. El producto afectado es vulnerable debido a la falta de autenticación, lo que puede permitir a un atacante leer o modificar datos confidenciales y ejecutar código arbitrario, resultando en una condición de denegación de servicio This vulnerability allows remote attackers to create a denial-of-service condition o... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2142 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2142
30 Jun 2022 — The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. El producto afectado es vulnerable a una inyección SQL con alta complejidad de ataque, que puede permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 72%CPEs: 1EXPL: 2CVE-2022-2143 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2143
30 Jun 2022 — The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. El producto afectado es vulnerable a dos instancias de inyección de comandos, que pueden permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkSer... • https://packetstorm.news/files/id/168108 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32932 – Advantech iView NetworkServlet getPSInventoryInfo SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-32932
07 Jun 2021 — The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). El producto afectado es vulnerable a una inyección SQL, que puede permitir a un atacante no autorizado divulgar información en el iView (versiones anteriores a v5.7.03.6182) This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this v... • https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32930 – Advantech iView runProViewUpgrade Missing Authentication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32930
07 Jun 2021 — The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). La configuración del producto afectado es vulnerable debido a una falta de autenticación, lo que puede permitir a un atacante cambiar la configuración y ejecutar código arbitrario en el iView (anterior a versión v5.7.03.6182) This vulnerability allows remote attackers to execute arbitrary code on affec... • https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01 • CWE-306: Missing Authentication for Critical Function •