Vulnerability Description
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantech | Iview | <= 5.6 |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01Third Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-20-859/Third Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01Third Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-20-859/Third Party Advisory
FAQ
What is CVE-2020-14501?
CVE-2020-14501 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the informa...
How severe is CVE-2020-14501?
CVE-2020-14501 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14501?
Check the references section above for vendor advisories and patch information. Affected products include: Advantech Iview.