cvebase

Advantech iView vulnerabilities

39 known vulnerabilities affecting advantech/iview.

Total CVEs: 39
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 17, MEDIUM 9

Vulnerabilities

Page 1 of 2
CVE-2022-2143 | P1 | CRITICAL | CVSS 9.8 | PoC | fixed in 5.7.04.6469 | 2022-07-22
CWE-77: The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
nvd
CVE-2021-22652 | P1 | CRITICAL | CVSS 9.8 | PoC | fixed in 5.7.03.6112 | 2021-02-11
CWE-306: Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
nvd
CVE-2021-32930 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.7.03.6182 | versions prior to v5.7.03.6182 | 2021-06-11
CWE-306: The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).
nvd
CVE-2022-50593 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
CWE-89: Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with admin
nvd
CVE-2021-22658 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.7.03.6112 | 2021-02-11
CWE-89: Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
nvd
CVE-2020-14505 | P2 | CRITICAL | CVSS 9.8 | ≤ 5.6 | 2020-07-15
CWE-77: Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code.
nvd
CVE-2020-16245 | P2 | CRITICAL | CVSS 9.8 | ≤ 5.7 | 2020-08-25
CWE-22: Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
nvd
CVE-2023-3983 | P2 | HIGH | CVSS 8.8 | fixed in 5.7.4.6752 | 2023-07-31
CWE-89: An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
nvd
CVE-2022-2139 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.7.04.6469 | 2022-07-22
CWE-23: The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.
nvd
CVE-2022-3323 | P2 | HIGH | CVSS 7.5 | v5.7.04.6469 | 2022-09-27
CWE-89: An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perf
nvd
CVE-2020-14507 | P2 | CRITICAL | CVSS 9.8 | ≤ 5.6 | 2020-07-15
CWE-22: Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
nvd
CVE-2020-14497 | P2 | CRITICAL | CVSS 9.8 | ≤ 5.6 | 2020-07-15
CWE-89: Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
nvd
CVE-2022-50591 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
CWE-89: Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data,
nvd
CVE-2025-53475 | P2 | HIGH | CVSS 8.8 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-89: A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially e
nvd
CVE-2020-14503 | P2 | CRITICAL | CVSS 9.8 | ≤ 5.6 | 2020-07-15
CWE-20: Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
nvd
CVE-2020-14501 | P2 | CRITICAL | CVSS 9.8 | ≤ 5.6 | 2020-07-15
CWE-306: Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
nvd
CVE-2025-52577 | P3 | HIGH | CVSS 8.8 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-89: A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in
nvd
CVE-2025-53515 | P3 | HIGH | CVSS 8.8 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-89: A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of
nvd
CVE-2022-50592 | P3 | HIGH | CVSS 7.2 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
CWE-89: Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution wit
nvd
CVE-2022-50595 | P3 | HIGH | CVSS 7.2 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
CWE-89: Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with admi
nvd