CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425contain a vulnerability within the SNMP management toolthat allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the getInventoryReportData parameter to the NetworkServlet endpoint. Successful exploitation allows for remote code execution with administrator privileges.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/
https://www.advantech.tw/support/details/firmware?id=1-HIPU-183
https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce