cvebase

Advantech iView vulnerabilities

39 known vulnerabilities affecting advantech/iview.

Total CVEs: 39
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 17, MEDIUM 9

Vulnerabilities

Page 2 of 2
CVE-2021-22654 | P3 | HIGH | CVSS 7.5 | fixed in 5.7.03.6112 | 2021-02-11
CWE-89: Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
Source: NVD
CVE-2022-2138 | P3 | HIGH | CVSS 7.5 | fixed in 5.7.04.6469 | 2022-07-22
CWE-306: The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
Source: NVD
CVE-2022-50594 | P3 | HIGH | CVSS 7.5 | fixed in 5.7.04.6425 | fixed in 5.7.04 build 6425 | 2025-11-06
CWE-89: Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included cle
Source: NVD
CVE-2022-2135 | P3 | HIGH | CVSS 7.5 | fixed in 5.7.04.6469 | 2022-07-22
CWE-89: The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
Source: NVD
CVE-2025-13373 | P3 | HIGH | CVSS 7.5 | v5.7.05.7057 | 2025-12-04
CWE-89: Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
Source: NVD
CVE-2023-52335 | P3 | HIGH | CVSS 7.5 | fixed in 5.7.04.6752 | v5.7.04 | 2024-11-22
CWE-89: Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens
Source: NVD
CVE-2021-22656 | P3 | HIGH | CVSS 7.5 | fixed in 5.7.03.6112 | 2021-02-11
CWE-22: Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
Source: NVD
CVE-2020-14499 | P3 | HIGH | CVSS 7.5 | ≤ 5.6 | 2020-07-15
CWE-284: Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
Source: NVD
CVE-2021-32932 | P3 | HIGH | CVSS 7.5 | fixed in 5.7.03.6182 | versions prior to v5.7.03.6182 | 2021-06-11
CWE-89: The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).
Source: NVD
CVE-2025-48891 | P3 | HIGH | CVSS 7.6 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-89: A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure or a denial-of-service condition.
Source: NVD
CVE-2022-2136 | P3 | MEDIUM | CVSS 6.5 | fixed in 5.7.04.6469 | 2022-07-22
CWE-89: The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
Source: NVD
CVE-2025-52459 | P3 | MEDIUM | CVSS 6.5 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-88: A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information
Source: NVD
CVE-2025-53509 | P3 | MEDIUM | CVSS 6.5 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-88: A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in inform
Source: NVD
CVE-2022-2142 | P4 | MEDIUM | CVSS 5.9 | fixed in 5.7.04.6469 | 2022-07-22
CWE-89: The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
Source: NVD
CVE-2025-46704 | P4 | MEDIUM | CVSS 4.3 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-22: A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary f
Source: NVD
CVE-2025-53397 | P4 | MEDIUM | CVSS 6.1 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-79: A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.
Source: NVD
CVE-2025-53519 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-79: A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.
Source: NVD
CVE-2025-41442 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.7.05.7057 | fixed in 5.7.05 build 7057 | 2025-07-11
CWE-79: A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.
Source: NVD
CVE-2022-2137 | P4 | MEDIUM | CVSS 4.9 | fixed in 5.7.04.6469 | 2022-07-22
CWE-89: The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information.
Source: NVD