CVE-2021-22652

Published: Feb 11, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

Affected (1)

Products: Advantech: Iview

Advantech

1 product

Iview

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advantech Iview	Before 5.7.03.6112

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html

Source: ics-cert@hq.dhs.gov

ExploitThird Party AdvisoryVDB Entry

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.