CVE-2020-14497 Information

Feb 14, 2021 cve

Description

Advantech iView versions 5.6 and prior contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials read or modify information and remotely execute code.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 https://www.zerodayinitiative.com/advisories/ZDI-20-827/ https://www.zerodayinitiative.com/advisories/ZDI-20-828/ https://www.zerodayinitiative.com/advisories/ZDI-20-830/ https://www.zerodayinitiative.com/advisories/ZDI-20-832/ https://www.zerodayinitiative.com/advisories/ZDI-20-833/ https://www.zerodayinitiative.com/advisories/ZDI-20-835/ https://www.zerodayinitiative.com/advisories/ZDI-20-836/ https://www.zerodayinitiative.com/advisories/ZDI-20-837/ https://www.zerodayinitiative.com/advisories/ZDI-20-838/ https://www.zerodayinitiative.com/advisories/ZDI-20-839/ https://www.zerodayinitiative.com/advisories/ZDI-20-842/ https://www.zerodayinitiative.com/advisories/ZDI-20-843/ https://www.zerodayinitiative.com/advisories/ZDI-20-844/ https://www.zerodayinitiative.com/advisories/ZDI-20-845/ https://www.zerodayinitiative.com/advisories/ZDI-20-846/ https://www.zerodayinitiative.com/advisories/ZDI-20-847/ https://www.zerodayinitiative.com/advisories/ZDI-20-848/ https://www.zerodayinitiative.com/advisories/ZDI-20-849/ https://www.zerodayinitiative.com/advisories/ZDI-20-850/ https://www.zerodayinitiative.com/advisories/ZDI-20-851/ https://www.zerodayinitiative.com/advisories/ZDI-20-852/ https://www.zerodayinitiative.com/advisories/ZDI-20-853/ https://www.zerodayinitiative.com/advisories/ZDI-20-854/ https://www.zerodayinitiative.com/advisories/ZDI-20-855/ https://www.zerodayinitiative.com/advisories/ZDI-20-856/ https://www.zerodayinitiative.com/advisories/ZDI-20-857/ https://www.zerodayinitiative.com/advisories/ZDI-20-858/ https://www.zerodayinitiative.com/advisories/ZDI-20-860/ https://www.zerodayinitiative.com/advisories/ZDI-20-861/ https://www.zerodayinitiative.com/advisories/ZDI-20-862/ https://www.zerodayinitiative.com/advisories/ZDI-20-863/ https://www.zerodayinitiative.com/advisories/ZDI-20-864/ https://www.zerodayinitiative.com/advisories/ZDI-20-865/ https://www.zerodayinitiative.com/advisories/ZDI-20-866/ https://www.zerodayinitiative.com/advisories/ZDI-20-868/ https://www.zerodayinitiative.com/advisories/ZDI-20-869/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: