Unauthenticated Remote Code Execution in Advantech iView by Advantech
CVE-2021-22652

9.8CRITICAL

Key Information:

Vendor: Advantech
Status: Advantech Iview
Vendor: CVE Published:; 11 February 2021

Summary

A vulnerability exists in Advantech iView versions prior to v5.7.03.6112, where missing authentication measures can be exploited by an unauthorized attacker to alter system configurations. This flaw may potentially allow attackers to execute arbitrary code, leading to significant security risks for affected systems. Organizations using these versions should prioritize upgrading their software to mitigate potential threats.

Affected Version(s)

Advantech iView iView versions prior to v5.7.03.6112

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

x_refsource_MISC

http://packetstormsecurity.com/files/161937/Advantech-iVi...

x_refsource_MISC

EPSS Score

88% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2021
Vulnerability Reserved
Jan 5, 2021