11 January 2024

Security I Trust


SQL Injection vulnerability in Advantech iView CVE-2022-3323

Risk: High
CVE ID: CVE-2022-3323
CVE Score: 7.5
Impacted Product: Advantech iView 5.7.04.6469
Published Date: 03 Oct 2022
Updated: 03 Oct 2022

Vulnerability Threat & Description:
Advantech iView 5.7.04.6469 contains an SQL injection vulnerability in the Configuration Servlet endpoint. An unauthenticated remote attacker can craft a column_value parameter in the setConfiguration action that bypasses the checks in com.imc.iview.utils.CUtils.checkSQLInjection() and results in SQL injection.
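The description above is a filter-then-concatenate flaw. The following added example (not code from Advantech or Tenable) contrasts that pattern with an allowlisted column name and bound values. It uses Python with an in-memory SQLite database so it runs offline; the table, column names, deny-list rules and sample value are constructed assumptions and do not reflect iView's actual schema or the real checkSQLInjection() logic.

```python
import re
import sqlite3

# Constructed schema and names; the page does not describe iView's tables or filter rules.
ALLOWED_COLUMNS = {"poll_interval", "site_name"}
DENYLIST = re.compile(r"(--|;|\b(select|union|drop|insert|delete)\b)", re.I)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE configuration (id INTEGER PRIMARY KEY, "
               "poll_interval TEXT, site_name TEXT)")
    db.execute("INSERT INTO configuration VALUES (1, '60', 'plant-a')")
    return db

def passes_denylist(value):
    """Hypothetical keyword filter, standing in for a check of the checkSQLInjection() kind."""
    return DENYLIST.search(value) is None

def set_configuration_weak(db, row_id, column_name, column_value):
    """Weak pattern: filter the value, then concatenate it into the statement."""
    if not passes_denylist(column_value):
        raise ValueError("rejected by filter")
    db.execute(f"UPDATE configuration SET {column_name} = '{column_value}' "
               f"WHERE id = {int(row_id)}")

def set_configuration_hardened(db, row_id, column_name, column_value):
    """Hardened pattern: allowlist the identifier, bind every value."""
    if column_name not in ALLOWED_COLUMNS:  # identifiers cannot be bound
        raise ValueError("unknown configuration column")
    cur = db.execute(f"UPDATE configuration SET {column_name} = ? WHERE id = ?",
                     (column_value, int(row_id)))
    return cur.rowcount

def row(db, row_id=1):
    return db.execute("SELECT poll_interval, site_name FROM configuration "
                      "WHERE id = ?", (row_id,)).fetchone()

# Constructed input: no denied keyword, but a quote that ends the string literal.
SAMPLE_VALUE = "60', site_name='changed"

if __name__ == "__main__":
    weak, hard = open_db(), open_db()
    set_configuration_weak(weak, 1, "poll_interval", SAMPLE_VALUE)
    set_configuration_hardened(hard, 1, "poll_interval", SAMPLE_VALUE)
    print("weak:    ", row(weak))   # second column altered by the value
    print("hardened:", row(hard))   # value stored as literal text
```

With bound parameters the filter is no longer the security boundary, so a gap in its rules cannot change the shape of the statement.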

Remediation Level: Unknown

Attack Vector: Network
Authentication required: None
Privileges Required: None
Patch Available: Unknown
Public Exploit available:
Attack Complexity: Low
User Interaction: None
Impact on:
• Confidentiality: High
• Integrity: None
• Availability: None

More Info:
https://www.tenable.com/security/research/tra-2022-32