CVE-2022-2138
Published: 2022-07-22
Priority P3 · 52 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 10.92% (95.3th percentile)
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | iview | < 5.7.04.6469 | 5.7.04.6469 |
| advantech_iview | iview | >= All < 5_7_04_6469 | 5_7_04_6469 |
GHSA
ghsa_unreviewed·2022-07-23
CVE-2022-2138 [HIGH] CWE-306 GHSA-jp6v-rq8g-2cjf: The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary c
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
CISA ICS
Advantech iView
cisa_ics·2022-06-28·CVSS 7.5
[HIGH] Advantech iView
ICS Advisory
## Advantech iView
Last Revised: June 28, 2022
Alert Code: ICSA-22-179-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: iView
- Vulnerabilities: SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read or modify sensitive data, disclose information, or execute arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.