Directory Traversal Vulnerability in Advantech iView
CVE-2021-22656

7.5HIGH

Key Information:

Vendor: Advantech
Status: Advantech Iview
Vendor: CVE Published:; 11 February 2021

Summary

Advantech iView versions before v5.7.03.6112 are susceptible to a directory traversal vulnerability. This weakness enables attackers to manipulate file paths, potentially gaining access to sensitive files on the server. By exploiting this flaw, an unauthorized attacker could read system files that are typically restricted, posing significant risks to data confidentiality and system integrity. To remediate this issue, it is essential for users of affected versions to upgrade to a patched version of the software to protect their systems from possible attacks.

Affected Version(s)

Advantech iView iView versions prior to v5.7.03.6112

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-189/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2021
Vulnerability Reserved
Jan 5, 2021