CVE-2020-14497
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
15/07/2020
Last modified:
21/07/2020
Description
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:* | 5.6 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01
- https://www.zerodayinitiative.com/advisories/ZDI-20-827/
- https://www.zerodayinitiative.com/advisories/ZDI-20-828/
- https://www.zerodayinitiative.com/advisories/ZDI-20-830/
- https://www.zerodayinitiative.com/advisories/ZDI-20-832/
- https://www.zerodayinitiative.com/advisories/ZDI-20-833/
- https://www.zerodayinitiative.com/advisories/ZDI-20-835/
- https://www.zerodayinitiative.com/advisories/ZDI-20-836/
- https://www.zerodayinitiative.com/advisories/ZDI-20-837/
- https://www.zerodayinitiative.com/advisories/ZDI-20-838/
- https://www.zerodayinitiative.com/advisories/ZDI-20-839/
- https://www.zerodayinitiative.com/advisories/ZDI-20-842/
- https://www.zerodayinitiative.com/advisories/ZDI-20-843/
- https://www.zerodayinitiative.com/advisories/ZDI-20-844/
- https://www.zerodayinitiative.com/advisories/ZDI-20-845/
- https://www.zerodayinitiative.com/advisories/ZDI-20-846/
- https://www.zerodayinitiative.com/advisories/ZDI-20-847/
- https://www.zerodayinitiative.com/advisories/ZDI-20-848/
- https://www.zerodayinitiative.com/advisories/ZDI-20-849/
- https://www.zerodayinitiative.com/advisories/ZDI-20-850/
- https://www.zerodayinitiative.com/advisories/ZDI-20-851/
- https://www.zerodayinitiative.com/advisories/ZDI-20-852/
- https://www.zerodayinitiative.com/advisories/ZDI-20-853/
- https://www.zerodayinitiative.com/advisories/ZDI-20-854/
- https://www.zerodayinitiative.com/advisories/ZDI-20-855/
- https://www.zerodayinitiative.com/advisories/ZDI-20-856/
- https://www.zerodayinitiative.com/advisories/ZDI-20-857/
- https://www.zerodayinitiative.com/advisories/ZDI-20-858/
- https://www.zerodayinitiative.com/advisories/ZDI-20-860/
- https://www.zerodayinitiative.com/advisories/ZDI-20-861/
- https://www.zerodayinitiative.com/advisories/ZDI-20-862/
- https://www.zerodayinitiative.com/advisories/ZDI-20-863/
- https://www.zerodayinitiative.com/advisories/ZDI-20-864/
- https://www.zerodayinitiative.com/advisories/ZDI-20-865/
- https://www.zerodayinitiative.com/advisories/ZDI-20-866/
- https://www.zerodayinitiative.com/advisories/ZDI-20-868/
- https://www.zerodayinitiative.com/advisories/ZDI-20-869/