PT-2022-6274 · Advantech · Advantech Iview

Rgod

Published

2022-06-30

Updated

2022-07-28

CVE-2022-2136

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Advantech iView (affected versions not specified)

Description The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. This issue is related to the lack of protection of the SQL query structure, which can be exploited by a remote attacker to execute arbitrary SQL commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2023-00704

CVE-2022-2136

ZDI-22-920

ZDI-22-921

ZDI-22-922

ZDI-22-923

ZDI-22-924

ZDI-22-925

ZDI-22-937

Affected Products

Advantech Iview

PT-2022-6274 · Advantech · Advantech Iview

CVE-2022-2136

Weakness Enumeration

Related Identifiers

Affected Products

References · 15