CVE-2022-3323
Published 2022-09-27
Priority: P2 · 62 · high
CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 30.67% (98.0th percentile)
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | iview | — | — |
Detection & IOCs
- Monitor HTTP requests to the ConfigurationServlet endpoint (default TCP/8080) for the 'setConfiguration' action with anomalous or SQL-syntax-bearing 'column_value' parameter values, indicative of SQLi bypass attempts against CUtils.checkSQLInjection().
- Alert on unauthenticated inbound connections to TCP port 8080 targeting Advantech iView hosts, particularly requests to ConfigurationServlet — exploitation requires no authentication.
- Public exploits are available for this vulnerability; prioritize detection and patching for internet-exposed Advantech iView instances running version 5.7.04.6469 and prior.
- Successful exploitation can result in credential theft — specifically the iView admin password — monitor for unexpected credential access or exfiltration following SQLi activity.
- The ConfigurationServlet listens on TCP port 8080 by default — this port may be reconfigured in non-default deployments, requiring hunters to verify the actual listening port in target environments.
- All Advantech iView versions 5.7.04.6469 and prior are affected; the fixed version is 5.7.04.6583 — detections should account for version identification to scope affected assets.
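The first monitoring item above can be sketched as a log triage script; this is an added example, not code from the advisory or from Advantech. It assumes request records exported as `src<TAB>url<TAB>body` lines (for instance from a proxy that captures parameters); the `/app/` URL prefix, the `action` parameter name, the host name and the marker lists are constructed for illustration, since the page names only the servlet, the `setConfiguration` action and `column_value`.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Heuristic markers; the lists are an assumption of this example, tune them to your traffic.
SQL_META = re.compile(r"['\";]|--|/\*|\*/")
SQL_WORDS = re.compile(r"\b(select|union|insert|update|delete|drop|sleep|having)\b", re.I)

def fully_decode(value, rounds=3):
    """Undo nested URL-encoding so multiply-encoded values are inspected in decoded form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(url, body=""):
    """Return the reasons a request looks like SQLi against setConfiguration, else []."""
    parts = urlsplit(url)
    if "configurationservlet" not in parts.path.lower():
        return []
    params = parse_qsl(parts.query) + parse_qsl(body)
    # The page does not name the parameter that carries the action, so match on its value.
    if not any(v == "setConfiguration" for _, v in params):
        return []
    reasons = []
    for value in (fully_decode(v) for n, v in params if n == "column_value"):
        if SQL_META.search(value):
            reasons.append("sql metacharacter in column_value")
        if SQL_WORDS.search(value):
            reasons.append("sql keyword in column_value")
    return reasons

def scan(records):
    """records: 'src<TAB>url<TAB>body' lines; returns [(src, reasons)] for flagged requests."""
    rows = (line.rstrip("\n").split("\t") for line in records)
    return [(src, r) for src, url, body in rows if (r := inspect(url, body))]

# Constructed sample records (addresses, host, URL prefix and "action" name are made up).
SAMPLE = [
    "198.51.100.10\thttp://iview.example:8080/app/ConfigurationServlet\taction=setConfiguration&column_value=30",
    "203.0.113.7\thttp://iview.example:8080/app/ConfigurationServlet\taction=setConfiguration&column_value=x%2527%2520union%2520select%25201",
    "203.0.113.9\thttp://iview.example:8080/app/OtherServlet\taction=setConfiguration&column_value=1%27",
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, reasons)
```

Because the flaw is a bypass of an input filter, a marker list like this one is a triage signal for hunting rather than a complete control; upgrading to the fixed version remains the remediation.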
CISA ICS
Advantech iView
cisa_ics·2022-12-08·CVSS 7.5
[HIGH] Advantech iView
ICS Advisory
## Advantech iView
Last Revised: December 08, 2022
Alert Code: ICSA-22-342-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Advantech
- Equipment: iView
- Vulnerability: SQL Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to acquire credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Advantech iView management software are affected:
- Version 5.7.04.6469 and prior
## 3.2 VULNERABILITY OVERVIEW
3.2.1
GHSA
GHSA-4cm4-j9qp-hc8j: An SQL injection vulnerability in Advantech iView 5
ghsa_unreviewed·2022-09-28
CVE-2022-3323 [HIGH] CWE-89 GHSA-4cm4-j9qp-hc8j: An SQL injection vulnerability in Advantech iView 5
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-09-27