Improper Authentication Vulnerability in Advantech iView Solution
CVE-2020-14501

9.8CRITICAL

Key Information:

Vendor: Advantech
Status: Advantech Iview
Vendor: CVE Published:; 15 July 2020

Summary

Advantech iView versions up to 5.6 contain a vulnerability due to improper authentication for critical functions. This weakness allows attackers to gain unauthorized access, potentially revealing user table information, including sensitive administrator credentials in clear text. Additionally, it could allow an attacker to delete an existing administrator account, further compromising system integrity and security.

Affected Version(s)

Advantech iView Versions 5.6 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-859/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020