CVE-2020-14499
Published 2020-07-15
Priority P3 · 44 · high · 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.75% (75.0th percentile)
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | iview | <= 5.6 | — |
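CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |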
CISA ICS
Advantech iView
cisa_ics·2020-07-14·CVSS 9.8
[CRITICAL] Advantech iView
ICS Advisory
## Advantech iView
Last Revised: July 14, 2020
Alert Code: ICSA-20-196-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: iView
- Vulnerabilities: SQL Injection, Path Traversal, Command Injection, Improper Input Validation, Missing Authentication for Critical Function, Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application.
GHSA
GHSA-gr25-37rj-jwmm: Advantech iView, versions 5
ghsa_unreviewed·2022-05-24
CVE-2020-14499 [MEDIUM] GHSA-gr25-37rj-jwmm: Advantech iView, versions 5
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-07-15