CVE-2022-2136
Published 2022-07-22
CVE-2022-2136: The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose…
Priority P3 · 42 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 9.00% (94.6th percentile)
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | iview | < 5.7.04.6469 | 5.7.04.6469 |
| advantech_iview | iview | >= All < 5_7_04_6469 | 5_7_04_6469 |
CISA ICS
Advantech iView
cisa_ics·2022-06-28·CVSS 7.5
[HIGH] Advantech iView
ICS Advisory
## Advantech iView
Last Revised: June 28, 2022
Alert Code: ICSA-22-179-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: iView
- Vulnerabilities: SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read or modify sensitive data, disclose information, or execute arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of
GHSA
GHSA-3cvh-w666-7794: The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to d
ghsa_unreviewed·2022-07-23
CVE-2022-2136 [MEDIUM] CWE-89 GHSA-3cvh-w666-7794: The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to d
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-07-22