CVE-2020-14499

Published: Jul 15, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.

Affected (1)

Products: Advantech: Iview

Advantech

1 product

Iview

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advantech Iview	Up to 5.6

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-20-867/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-20-867/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.