CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.5%

CVSS Severity

CVSS v3 Score 7.2

References

https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/
https://www.advantech.tw/support/details/firmware?id=1-HIPU-183
https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce

Products affected by CVE-2022-50592

Advantech » Iview » Version: 5.6

cpe:2.3:a:advantech:iview:5.6
Advantech » Iview » Version: 5.7

cpe:2.3:a:advantech:iview:5.7
Advantech » Iview » Version: 5.7.02

cpe:2.3:a:advantech:iview:5.7.02
Advantech » Iview » Version: 5.7.03.6112

cpe:2.3:a:advantech:iview:5.7.03.6112
Advantech » Iview » Version: 5.7.03.6182

cpe:2.3:a:advantech:iview:5.7.03.6182

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-50592

Products

Pricing

Contact Us