CVE-2021-22656
Published 2021-02-11
CVE-2021-22656: Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
Priority: P3 · 45 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 3.12% (86.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | iview | < 5.7.03.6112 | 5.7.03.6112 |
CVSS provenance
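| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |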
CISA ICS
Advantech iView
cisa_ics·2021-02-09·CVSS 7.5
[HIGH] Advantech iView
ICS Advisory
## Advantech iView
Last Revised: February 09, 2021
Alert Code: ICSA-21-040-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: iView
- Vulnerabilities: SQL Injection, Path Traversal, Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an attacker to disclose information, escalate privileges to Administrator, perform an arbitrary file read, and remotely execute commands.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The
GHSA
GHSA-qrfm-956x-83hh: Advantech iView versions prior to v5
ghsa_unreviewed·2022-05-24
CVE-2021-22656 [HIGH] CWE-22 GHSA-qrfm-956x-83hh: Advantech iView versions prior to v5
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-02-11