SQL Injection Vulnerability in Advantech iView Software
CVE-2021-22654

7.5HIGH

Key Information:

Vendor: Advantech
Status: Advantech Iview
Vendor: CVE Published:; 11 February 2021

What is CVE-2021-22654?

Advantech iView versions before v5.7.03.6112 are susceptible to a SQL injection vulnerability that may allow unauthorized attackers to access sensitive information, potentially leading to data breaches and compromised system integrity.

Affected Version(s)

Advantech iView iView versions prior to v5.7.03.6112

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-190/

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-188/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2021
Vulnerability Reserved
Jan 5, 2021