Advantech Iview vulnerabilities
39 known vulnerabilities affecting advantech/iview.
Total CVEs: 39
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 17, MEDIUM 9
Vulnerabilities
Page 1 of 2
CVE-2022-2143 | P1 | CRITICAL | CVSS 9.8 | CWE-77 | PoC | fixed in 5.7.04.6469 | 2022-07-22
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
nvd
CVE-2021-22652 | P1 | CRITICAL | CVSS 9.8 | CWE-306 | PoC | fixed in 5.7.03.6112 | 2021-02-11
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
nvd
CVE-2021-32930 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 5.7.03.6182 | versions prior to v5.7.03.6182 | 2021-06-11
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).
nvd
CVE-2022-50593 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with admin
nvd
CVE-2021-22658 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 5.7.03.6112 | 2021-02-11
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
nvd
CVE-2020-14505 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | ≤ 5.6 | 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code.
nvd
CVE-2020-16245 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | ≤ 5.7 | 2020-08-25
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
nvd
CVE-2023-3983 | P2 | HIGH | CVSS 8.8 | CWE-89 | fixed in 5.7.4.6752 | 2023-07-31
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
nvd
CVE-2022-2139 | P2 | CRITICAL | CVSS 9.8 | CWE-23 | fixed in 5.7.04.6469 | 2022-07-22
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.
nvd
CVE-2022-3323 | P2 | HIGH | CVSS 7.5 | CWE-89 | v5.7.04.6469 | 2022-09-27
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perf
nvd
CVE-2020-14507 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | ≤ 5.6 | 2020-07-15
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
nvd
CVE-2020-14497 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 5.6 | 2020-07-15
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
nvd
CVE-2022-50591 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data,
nvd
CVE-2025-53475 | P2 | HIGH | CVSS 8.8 | CWE-89 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially e
nvd
CVE-2020-14503 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | ≤ 5.6 | 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
nvd
CVE-2020-14501 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | ≤ 5.6 | 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
nvd
CVE-2025-52577 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in
nvd
CVE-2025-53515 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of
nvd
CVE-2022-50592 | P3 | HIGH | CVSS 7.2 | CWE-89 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution wit
nvd
CVE-2022-50595 | P3 | HIGH | CVSS 7.2 | CWE-89 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with admi
nvd