CNNVD-202512-430 Information
CNNVD ID
CNNVD-202512-430
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView 5.7.05.7057及之前版本存在SQL注入漏洞,该漏洞源于SNMP v1陷阱请求清理不当,可能导致SQL注入。
Description (English)
Advantech iView is a software based on a simple network protocol (SNMP) for managing B+ B SmartWorks equipment. There is an SQL injection loophole in Advantech iView 5.7.05.7057 and earlier versions, which is the result of a SNMP v1 trap request for inappropriate clean-up, which may lead to SQL injection.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
研华
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-07.json https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07
Patch
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183
Share on: