Vulnerability Description
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantech | Iview | < 5.7.03.6112 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-RemoExploitThird Party AdvisoryVDB Entry
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02Third Party AdvisoryUS Government Resource
- http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-RemoExploitThird Party AdvisoryVDB Entry
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-22652?
CVE-2021-22652 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
How severe is CVE-2021-22652?
CVE-2021-22652 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-22652?
Check the references section above for vendor advisories and patch information. Affected products include: Advantech Iview.