CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-50594

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/
https://www.advantech.tw/support/details/firmware?id=1-HIPU-183
https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure

Products affected by CVE-2022-50594

Advantech » Iview » Version: 5.6

cpe:2.3:a:advantech:iview:5.6
Advantech » Iview » Version: 5.7

cpe:2.3:a:advantech:iview:5.7
Advantech » Iview » Version: 5.7.02

cpe:2.3:a:advantech:iview:5.7.02
Advantech » Iview » Version: 5.7.03.6112

cpe:2.3:a:advantech:iview:5.7.03.6112
Advantech » Iview » Version: 5.7.03.6182

cpe:2.3:a:advantech:iview:5.7.03.6182

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-50594

Products

Pricing

Contact Us