ID
VAR-202209-1749
CVE
CVE-2022-3323
TITLE
Advantech Made iView In SQL Injection vulnerability
Trust: 0.8
DESCRIPTION
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. Advantech Provided by the company iView The following vulnerabilities exist in. It was * SQL injection (CWE-89) - CVE-2022-3323 It was 2022 Year 12 Moon 9 As of today, we have confirmed that the demonstration code for this vulnerability has been released.If the vulnerability is exploited, it may be affected as follows. It was * Sensitive information of the product is stolen by a remote third party
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | advantech | model: | iview | scope: | eq | version: | 5.7.04.6469 | Trust: 1.0 |
| vendor: | アドバンテック株式会社 | model: | iview | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | アドバンテック株式会社 | model: | iview | scope: | lte | version: | 5_7_04_6469 and earlier | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.1 |
| problemtype: | SQL injection (CWE-89) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
SQL injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | iView - Webserver version | url: | https://www.advantech.com/en/support/details/firmware?id=1-hipu-183 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-3323 | Trust: 3.3 |
| db: | TENABLE | id: | TRA-2022-32 | Trust: 1.7 |
| db: | JVN | id: | JVNVU92856810 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-22-342-01 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-002776 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2022.6439 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202209-2819 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-430947 | Trust: 0.1 |
REFERENCES
| url: | https://www.tenable.com/security/research/tra-2022-32 | Trust: 1.7 |
| url: | https://jvn.jp/vu/jvnvu92856810/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-3323 | Trust: 0.8 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-01 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-3323/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.6439 | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-430947 |
| db: | JVNDB | id: | JVNDB-2022-002776 |
| db: | NVD | id: | CVE-2022-3323 |
| db: | CNNVD | id: | CNNVD-202209-2819 |
LAST UPDATE DATE
2023-12-18T13:41:54.361000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-430947 | date: | 2022-09-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-002776 | date: | 2022-12-12T05:43:00 |
| db: | NVD | id: | CVE-2022-3323 | date: | 2022-09-29T16:41:35.093 |
| db: | CNNVD | id: | CNNVD-202209-2819 | date: | 2022-12-12T00:00:00 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-430947 | date: | 2022-09-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-002776 | date: | 2022-12-12T00:00:00 |
| db: | NVD | id: | CVE-2022-3323 | date: | 2022-09-27T23:15:15.867 |
| db: | CNNVD | id: | CNNVD-202209-2819 | date: | 2022-09-27T00:00:00 |