PT-2021-15152 · Advantech · Iview

Rgod

Published

2021-02-11

Updated

2021-02-12

CVE-2021-22654

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Advantech iView versions prior to 5.7.03.6112

Description The issue allows an unauthorized attacker to disclose information through SQL injection. It affects the NetworkServlet and UserServlet, potentially allowing information disclosure.

Recommendations For versions prior to 5.7.03.6112, update to version 5.7.03.6112 or later to resolve the issue. As a temporary workaround, consider restricting access to the NetworkServlet and UserServlet to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-22654

ZDI-21-188

ZDI-21-190

Affected Products

Iview

PT-2021-15152 · Advantech · Iview

CVE-2021-22654

Weakness Enumeration

Related Identifiers

Affected Products

References · 5