SQL Injection Vulnerability in iView by Citect - Affected by Unauthorized Access Risk
CVE-2021-32932

7.5HIGH

Key Information:

Vendor: Advantech
Status: Iview
Vendor: CVE Published:; 11 June 2021

Summary

The iView product by Citect is susceptible to a SQL injection flaw, which could allow an unauthorized attacker to exploit the system. This vulnerability primarily affects versions prior to v5.7.03.6182, enabling potential unauthorized data access and the exposure of sensitive information.

Affected Version(s)

iView versions prior to v5.7.03.6182

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2021
Vulnerability Reserved
May 13, 2021