CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22658 – Advantech iView UserServlet SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22658
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyección SQL, lo que puede permitir a un atacante escalar los privilegios a "Administrator" This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UserServlet class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 https://www.zerodayinitiative.com/advisories/ZDI-21-191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 0CVE-2021-22656 – Advantech iView CommandServlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22656
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Las versiones de Advantech iView anteriores a v5.7.03.6112, son vulnerables al salto de directorios, lo que puede permitir a un atacante leer archivos confidenciales This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommandServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 https://www.zerodayinitiative.com/advisories/ZDI-21-189 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2021-22654 – Advantech iView NetworkServlet ztp_config_name SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22654
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Las versiones Advantech iView anteriores a v5.7.03.6112, son vulnerables a una inyección SQL, lo que puede permitir a un atacante no autorizado revelar información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet class. When parsing the ztp_config_name parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 https://www.zerodayinitiative.com/advisories/ZDI-21-188 https://www.zerodayinitiative.com/advisories/ZDI-21-190 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25157 – Advantech R-SeeNet device_position device_id SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25157
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. La página web de R-SeeNet (versiones 1.5.1 hasta 2.4.10) sufre de una inyección SQL, que permite a un atacante remoto invocar consultas en la base de datos y recuperar información confidencial This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within device_position.php. When parsing the device_id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://us-cert.cisa.gov/ics/advisories/icsa-20-289-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25161 – Advantech WebAccess/SCADA WADashboard External Control of File Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-25161
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. El componente WADashboard de WebAccess/SCADA Versiones 9.0 y anteriores, puede permitir a un atacante controlar o influir en una ruta usada en una operación en el sistema de archivos y ejecutar código remotamente como administrador This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the WADashboard component. The issue results from the lack of proper validation of a user-supplied path prior to using it to read and execute code from a file. An attacker can leverage this vulnerability to execute code in the context of Administrator. • https://us-cert.cisa.gov/ics/advisories/icsa-20-289-01 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •