OTPulse

Advantech iView

Act Now | 9.8 | ICS-CERT ICSA-20-238-01 | Aug 25, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech iView versions 5.7 and earlier contain a path traversal vulnerability (CWE-22) that allows an attacker on the network to read or modify files, execute arbitrary code, or crash the application without authentication or user interaction. Successful exploitation could disrupt process monitoring and control operations. Advantech released Version 5.7.02 to address this vulnerability.

What this means
What could happen
An attacker could read or modify data in iView, execute arbitrary code on the system, or cause the application to crash, disrupting monitoring and control of connected industrial processes.
Who's at risk
Advantech iView users managing industrial processes via this supervisory platform, including water utilities, electric utilities, and manufacturing facilities that rely on iView for process monitoring and control.
How it could be exploited
An attacker on the network sends a crafted request to iView (path traversal, CWE-22) without authentication. The request could read sensitive files, inject code, or trigger a denial of service. No user interaction is required.
Prerequisites
  • Network access to iView service (typically port 80/443)
  • iView version 5.7 or earlier
  • No credentials required
remotely exploitable | no authentication required | low complexity | high EPSS score (15.9%) | affects monitoring and control systems
Exploitability
High exploit probability (EPSS 15.9%)
Affected products (1)
Product | Affected Versions | Fix Status
iView | ≤ 5.7 | 5.7.02
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to iView with firewall rules that limit connections to authorized engineering workstations and control systems only
HARDENING: Isolate the iView system on a dedicated control network behind a firewall; do not expose it to the Internet or the business network
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade iView to version 5.7.02 or later
Long-term hardening
HARDENING: If remote access to iView is required, use a VPN with current security patches