CVSS: 9.8EPSS: 40%CPEs: 1EXPL: 2CVE-2021-22652 – Advantech iView Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-22652
11 Feb 2021 — Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. El acceso a las versiones de Advantech iView anteriores a configuración v5.7.03.6112 carece de autenticación, lo que puede permitir a un atacante no autorizado cambiar la configuración y obtener una ejecución de código • https://packetstorm.news/files/id/161937 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22654 – Advantech iView NetworkServlet ztp_config_name SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22654
11 Feb 2021 — Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Las versiones Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyección SQL, lo que puede permitir a un atacante no autorizado revelar información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific fl... • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22658 – Advantech iView UserServlet SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22658
11 Feb 2021 — Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyección SQL, lo que puede permitir a un atacante escalar los privilegios a "Administrator" This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the e... • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2021-22656 – Advantech iView CommandServlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22656
11 Feb 2021 — Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables al salto de directorios, lo que puede permitir a un atacante leer archivos confidenciales This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exis... • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 0CVE-2020-16245 – Advantech iView NetworkServlet findSummaryCfgDeviceListExport Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16245
25 Aug 2020 — Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView, versiones 5.7 y anteriores. El producto afectado es susceptible a vulnerabilidades de salto de ruta que podrían permitir a un atacante crear y descargar archivos arbitrarios, limitar la disponibilidad del sistema y ejecutar código remotamente This vulnerability allo... • https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14501 – Advantech iView UserServlet performDeleteUser Missing Authentication for Critical Function Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-14501
15 Jul 2020 — Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. Advantech iView, versiones 5.6 y anteriores, tiene un problema de autenticación inadecuada para la función crítica (CWE-306). El aprovechamiento satisfactorio de esta vulnerabili... • https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14503 – Advantech iView NetworkServlet Improper Input Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14503
15 Jul 2020 — Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. Advantech iView, versiones 5.6 y anteriores, tiene una vulnerabilidad de validación de entrada inadecuada. La explotación exitosa de esta vulnerabilidad podría permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations ... • https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14499 – Advantech iView UserServlet getAllUsersAccountInfo Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-14499
15 Jul 2020 — Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. Advantech iView, versiones 5.6 y anteriores, tiene una vulnerabilidad de control de acceso inadecuado. La explotación exitosa de esta vulnerabilidad puede permitir a un atacante obtener las credenciales de todas las cuentas de usuario This vulnerability allows remote attackers to disclose sensitive information on a... • https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2020-14505 – Advantech iView NetworkServlet restoreDatabase Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14505
15 Jul 2020 — Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. Advantech iView, versiones 5.6 y anteriores, tiene una neutralización inadecuada de los elementos especiales utilizados en una vulnerabilidad de comando ("inyecció... • https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-14497 – Advantech iView TaskEditDeviceTable getTaskEditorSearchDevices SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14497
15 Jul 2020 — Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView, versiones 5.6 y anteriores, contiene múltiples vulnerabilidades de inyección SQL que son vulnerables al uso de una cadena controlada por el atacante en la construcción de consultas SQL. Un atacante podría ex... • https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •