U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:advantech:iview:5.7:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 14 matching records.
Displaying matches 1 through 14.
Vuln ID Summary CVSS Severity
CVE-2022-2143

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-2142

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2022-2139

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-2138

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-2137

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2022-2136

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-2135

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2021-32932

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).

Published: June 11, 2021; 1:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-32930

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).

Published: June 11, 2021; 1:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-22658

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.

Published: February 11, 2021; 1:15:17 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-22656

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

Published: February 11, 2021; 1:15:17 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-22654

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

Published: February 11, 2021; 1:15:17 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-22652

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

Published: February 11, 2021; 1:15:17 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-16245

Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.

Published: August 25, 2020; 3:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH