Path Traversal Vulnerability in Advantech iView Products
CVE-2020-16245

9.8CRITICAL

Key Information:

Vendor
Advantech
Status
Advantech Iview
Vendor
CVE Published:
25 August 2020

Summary

Advantech iView, in versions 5.7 and earlier, is impacted by a path traversal vulnerability. This allows attackers to manipulate file paths and potentially create or download arbitrary files on the server. Exploiting this vulnerability may lead to a limitation of system availability and could enable remote code execution, which poses significant risks to the integrity and security of affected systems.

Affected Version(s)

Advantech iView Versions 5.7 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-1085/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-1089/
x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.