SQL injection in iView - CVE-2022-2135
Published: June 29, 2022 / Updated: July 5, 2022
Vulnerability identifier: #VU64775
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-2135
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: iView
Software vendor: Advantech Co., Ltd
Description
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and gain access to sensitive information on the system.
Remediation
Install updates from the vendor's website.
External links
- https://ics-cert.us-cert.gov/advisories/icsa-22-179-03
- https://www.zerodayinitiative.com/advisories/ZDI-22-919/
- https://www.zerodayinitiative.com/advisories/ZDI-22-918/
- https://www.zerodayinitiative.com/advisories/ZDI-22-917/
- https://www.zerodayinitiative.com/advisories/ZDI-22-916/
- https://www.zerodayinitiative.com/advisories/ZDI-22-915/
- https://www.zerodayinitiative.com/advisories/ZDI-22-914/
- https://www.zerodayinitiative.com/advisories/ZDI-22-913/
- https://www.zerodayinitiative.com/advisories/ZDI-22-912/
- https://www.zerodayinitiative.com/advisories/ZDI-22-911/
- https://www.zerodayinitiative.com/advisories/ZDI-22-910/
- https://www.zerodayinitiative.com/advisories/ZDI-22-909/
- https://www.zerodayinitiative.com/advisories/ZDI-22-908/
- https://www.zerodayinitiative.com/advisories/ZDI-22-907/
- https://www.zerodayinitiative.com/advisories/ZDI-22-906/
- https://www.zerodayinitiative.com/advisories/ZDI-22-905/
- https://www.zerodayinitiative.com/advisories/ZDI-22-904/
- https://www.zerodayinitiative.com/advisories/ZDI-22-903/
- https://www.zerodayinitiative.com/advisories/ZDI-22-902/
- https://www.zerodayinitiative.com/advisories/ZDI-22-901/
- https://www.zerodayinitiative.com/advisories/ZDI-22-900/
- https://www.zerodayinitiative.com/advisories/ZDI-22-899/
- https://www.zerodayinitiative.com/advisories/ZDI-22-898/
- https://www.zerodayinitiative.com/advisories/ZDI-22-897/
- https://www.zerodayinitiative.com/advisories/ZDI-22-896/
- https://www.zerodayinitiative.com/advisories/ZDI-22-895/
- https://www.zerodayinitiative.com/advisories/ZDI-22-894/
- https://www.zerodayinitiative.com/advisories/ZDI-22-893/
- https://www.zerodayinitiative.com/advisories/ZDI-22-892/
- https://www.zerodayinitiative.com/advisories/ZDI-22-891/
- https://www.zerodayinitiative.com/advisories/ZDI-22-890/
- https://www.zerodayinitiative.com/advisories/ZDI-22-889/
- https://www.zerodayinitiative.com/advisories/ZDI-22-888/
- https://www.zerodayinitiative.com/advisories/ZDI-22-887/
- https://www.zerodayinitiative.com/advisories/ZDI-22-886/
- https://www.zerodayinitiative.com/advisories/ZDI-22-885/
- https://www.zerodayinitiative.com/advisories/ZDI-22-884/
- https://www.zerodayinitiative.com/advisories/ZDI-22-883/
- https://www.zerodayinitiative.com/advisories/ZDI-22-882/
- https://www.zerodayinitiative.com/advisories/ZDI-22-881/
- https://www.zerodayinitiative.com/advisories/ZDI-22-880/