Advantech iView

Versions 5.6 and prior

OTHER 6 CVEs

Advantech iView 5.7.04.6469

OTHER 1 CVE

versions prior to v5.7.4 build 6752

OTHER 1 CVE

Versions 5.7 and prior

OTHER 1 CVE

iView versions prior to v5.7.03.6112

OTHER 4 CVEs

CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

UNKNOWN Jul 31, 2023

CVE-2022-3323

An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.

UNKNOWN Sep 27, 2022

CVE-2021-22652

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

UNKNOWN Feb 11, 2021

CVE-2021-22656

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

UNKNOWN Feb 11, 2021

CVE-2021-22658

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.

UNKNOWN Feb 11, 2021

CVE-2021-22654

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

UNKNOWN Feb 11, 2021