CVE-2020-14501

Published: Jul 15, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.

Affected (1)

Products: Advantech: Iview

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advantech Iview	Up to 5.6

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-20-859/

Source: ics-cert@hq.dhs.gov

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-20-859/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.