Advantech iView
CVE-2022-2138

8.2HIGH

Key Information:

Vendor: Advantech Iview
Status: Iview
Vendor: CVE Published:; 28 June 2022

Summary

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

Affected Version(s)

iView All < 5_7_04_6469

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2022
Vulnerability Reserved
Jun 20, 2022

Credit

rgod, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA