cbcvebase.
CVE-2022-3323
published 2022-09-27

CVE-2022-3323: An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port…

PriorityP262high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
30.67%
98.0th percentile
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.

Affected

1 ranges
VendorProductVersion rangeFixed in
advantechiview

Detection & IOCsextracted from sources · hover to see the quote

port8080
path/ConfigurationServlet
commandsetConfiguration?column_value=<SQLi payload>
  • Monitor HTTP requests to the ConfigurationServlet endpoint (default TCP/8080) for the 'setConfiguration' action with anomalous or SQL-syntax-bearing 'column_value' parameter values, indicative of SQLi bypass attempts against CUtils.checkSQLInjection().
  • Alert on unauthenticated inbound connections to TCP port 8080 targeting Advantech iView hosts, particularly requests to ConfigurationServlet — exploitation requires no authentication.
  • Public exploits are available for this vulnerability; prioritize detection and patching for internet-exposed Advantech iView instances running version 5.7.04.6469 and prior.
  • Successful exploitation can result in credential theft — specifically the iView admin password — monitor for unexpected credential access or exfiltration following SQLi activity.
  • ·The ConfigurationServlet listens on TCP port 8080 by default — this port may be reconfigured in non-default deployments, requiring hunters to verify the actual listening port in target environments.
  • ·All Advantech iView versions 5.7.04.6469 and prior are affected; the fixed version is 5.7.04.6583 — detections should account for version identification to scope affected assets.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.