PT-2025-45368 · Advantech · Advantech Iview
Exodus Intelligence
·
Published
2022-01-13
·
Updated
2025-11-06
·
CVE-2022-50593
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Advantech iView versions prior to v5.7.04 build 6425
Description
The SNMP management tool in Advantech iView has a flaw related to insufficient protection of the SQL query structure when processing the
search term parameter. Exploitation allows a remote attacker to execute arbitrary code. The vulnerability is present in the ‘NetworkServlet’ API endpoint. Successful exploitation allows for remote code execution with administrator privileges.Recommendations
Update to version v5.7.04 build 6425 or later.
Fix
Missing Authentication
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Advantech Iview