CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-14505

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.03

EPSS Ranking 86.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01
https://www.zerodayinitiative.com/advisories/ZDI-20-831/
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01
https://www.zerodayinitiative.com/advisories/ZDI-20-831/

Products affected by CVE-2020-14505

Advantech » Iview » Version: 5.6

cpe:2.3:a:advantech:iview:5.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-14505

Products

Pricing

Contact Us