Advantech iView vulnerabilities
39 known vulnerabilities affecting advantech/iview.
Total CVEs: 39
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 17, MEDIUM 9
Vulnerabilities
Page 2 of 2
CVE-2021-22654 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 5.7.03.6112 | 2021-02-11
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
nvd
CVE-2022-2138 | P3 | HIGH | CVSS 7.5 | CWE-306 | fixed in 5.7.04.6469 | 2022-07-22
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
nvd
CVE-2022-50594 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included cle
nvd
CVE-2022-2135 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 5.7.04.6469 | 2022-07-22
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
nvd
CVE-2025-13373 | P3 | HIGH | CVSS 7.5 | CWE-89 | v5.7.05.7057 | 2025-12-04
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
nvd
CVE-2023-52335 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 5.7.04.6752 | v5.7.04 | 2024-11-22
Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ConfigurationServlet servlet, which listens
nvd
CVE-2021-22656 | P3 | HIGH | CVSS 7.5 | CWE-22 | fixed in 5.7.03.6112 | 2021-02-11
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
nvd
CVE-2020-14499 | P3 | HIGH | CVSS 7.5 | CWE-284 | ≤ 5.6 | 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
nvd
CVE-2021-32932 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 5.7.03.6182 | versions prior to v5.7.03.6182 | 2021-06-11
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).
nvd
CVE-2025-48891 | P3 | HIGH | CVSS 7.6 | CWE-89 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView that could allow for SQL
injection through the CUtils.checkSQLInjection() function. This
vulnerability can be exploited by an authenticated attacker with at
least user-level privileges, potentially leading to information
disclosure or a denial-of-service condition.
nvd
CVE-2022-2136 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | fixed in 5.7.04.6469 | 2022-07-22
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
nvd
CVE-2025-52459 | P3 | MEDIUM | CVSS 6.5 | CWE-88 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView that allows for argument
injection in NetworkServlet.backupDatabase(). This issue requires an
authenticated attacker with at least user-level privileges. Certain
parameters can be used directly in a command without proper
sanitization, allowing arbitrary arguments to be injected. This can
result in information
nvd
CVE-2025-53509 | P3 | MEDIUM | CVSS 6.5 | CWE-88 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView that allows for argument
injection in the NetworkServlet.restoreDatabase(). This issue requires
an authenticated attacker with at least user-level privileges. An input
parameter can be used directly in a command without proper sanitization,
allowing arbitrary arguments to be injected. This can result in
inform
nvd
CVE-2022-2142 | P4 | MEDIUM | CVSS 5.9 | CWE-89 | fixed in 5.7.04.6469 | 2022-07-22
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
nvd
CVE-2025-46704 | P4 | MEDIUM | CVSS 4.3 | CWE-22 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView in
NetworkServlet.processImportRequest() that could allow for a directory
traversal attack. This issue requires an authenticated attacker with at
least user-level privileges. A specific parameter is not properly
sanitized or normalized, potentially allowing an attacker to determine
the existence of arbitrary f
nvd
CVE-2025-53397 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By exploiting this flaw, an attacker could execute unauthorized scripts
in the user's browser, potentially leading to information disclosure or
other malicious activities.
nvd
CVE-2025-53519 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating specific parameters, an attacker could execute
unauthorized scripts in the user's browser, potentially leading to
information disclosure or other malicious activities.
nvd
CVE-2025-41442 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating certain input parameters, an attacker could execute
unauthorized scripts in the user's browser, potentially leading to
information disclosure or other malicious activities.
nvd
CVE-2022-2137 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | fixed in 5.7.04.6469 | 2022-07-22
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information.
nvd