Advantech iView
CVE-2022-2137

4.9MEDIUM

Key Information:

Vendor: Advantech Iview
Status: Iview
Vendor: CVE Published:; 22 July 2022

Summary

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information

Affected Version(s)

iView All < 5_7_04_6469

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2022
Vulnerability Reserved
Jun 20, 2022

Credit

rgod, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA