Advantech iView
CVE-2022-2136

8.8HIGH

Key Information:

Vendor: Advantech Iview
Status: Iview
Vendor: CVE Published:; 22 July 2022

Summary

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.

Affected Version(s)

iView All < 5_7_04_6469

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2022
Vulnerability Reserved
Jun 20, 2022

Credit

rgod, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA