CVE-2021-22652
Advantech iView Unauthenticated Remote Code Execution
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
El acceso a las versiones de Advantech iView anteriores a configuración v5.7.03.6112 carece de autenticación, lo que puede permitir a un atacante no autorizado cambiar la configuración y obtener una ejecución de código
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-05 CVE Reserved
- 2021-02-09 First Exploit
- 2021-02-11 CVE Published
- 2024-07-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 | Third Party Advisory | |
| https://www.rapid7.com/blog/post/2021/02/11/cve-2021-22652-advantech-iview-missing-authentication-rce-fixed |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Advantech Search vendor "Advantech" | Iview Search vendor "Advantech" for product "Iview" | < 5.7.03.6112 Search vendor "Advantech" for product "Iview" and version " < 5.7.03.6112" | - |
Affected
| ||||||