OTPulse

Advantech iView

Priority: Act Now · CVSS 9.8 · ICS-CERT ICSA-22-179-03 · Published Jun 28, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech iView contains multiple critical vulnerabilities (SQL injection, missing authentication, path traversal, command injection) that allow an unauthenticated attacker with network access to the web interface to read or modify sensitive data, disclose files and configuration, or execute arbitrary code on the server. All versions prior to 5_7_4_6469 are affected.

What this means
What could happen
An attacker could execute arbitrary code on the iView server, read sensitive data like credentials or process information, or modify critical monitoring and control data. This could disrupt visibility into industrial processes or enable further attacks on connected systems.
Who's at risk
Water utilities and municipal electric utilities that use Advantech iView for SCADA data visualization and historical monitoring. Plant engineers, system operators, and facility managers who rely on iView dashboards to monitor pump stations, water treatment processes, or substation operations should be concerned.
How it could be exploited
An attacker with network access to the iView web interface (typically port 80/443) could use the SQL injection or command injection flaws to run arbitrary commands on the server with the privileges of the iView service, use the path traversal flaw to read files outside the web root, or use the missing-authentication flaw to reach sensitive functions without any credentials.
Prerequisites
  • Network access to iView web interface (HTTP/HTTPS port)
  • No valid credentials required
Tags: remotely exploitable · no authentication required · low complexity · high EPSS score (58%) · arbitrary code execution
Exploitability
High exploit probability (EPSS 58.3%)
Affected products (1)
Product | Affected Versions | Fix Status
iView | All < 5_7_04_6469 | Fixed in 5_7_4_6469
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the iView server: place it behind a firewall, do not route it to the Internet, and allow connections only from authorized engineering workstations and networks
WORKAROUND: If remote access is required, reach the iView management interface only through a VPN and keep the VPN appliance firmware current
Schedule — requires maintenance window

Patching may require a reboot of the iView host — plan for the interruption to monitoring

HOTFIX: Update the iView software to version 5_7_4_6469 or later