Advantech iView

Plan Patch7.5ICS-CERT ICSA-22-342-01Dec 8, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

iView versions 5.7.04.6469 and earlier contain a SQL injection vulnerability in input handling. Successful exploitation allows an attacker to query the application database and acquire stored credentials without authentication. This vulnerability affects iView HMI/SCADA deployments in critical infrastructure.

What this means

What could happen

An attacker with network access to iView could extract stored credentials, potentially granting access to control system accounts and enabling lateral movement within the industrial network.

Who's at risk

Water utilities and electric utilities that use Advantech iView for SCADA/HMI (Supervisory Control and Data Acquisition / Human-Machine Interface) monitoring and control. Any organization running iView version 5.7.04.6469 or earlier should evaluate this risk.

How it could be exploited

An attacker sends a specially crafted SQL query through the iView application interface. The application does not properly sanitize input, allowing the attacker to inject SQL commands and retrieve credential data from the underlying database.

Prerequisites

Network access to the iView application port (typically web-based)
No authentication required to exploit the SQL injection vulnerability

Remotely exploitableNo authentication requiredLow complexity attackSQL injection (CWE-89)Credential theft risk

Exploitability

Low exploit probability (EPSS 0.8%)

Affected products (1)

ProductAffected VersionsFix Status

iView -≤ 5.7.04.64695.7.04.6583

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGPlace iView server behind a firewall and restrict network access to authorized users and devices only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate iView to version 5.7.04.6583 or later

Long-term hardening

0/2

HARDENINGIsolate iView and control system networks from business networks and the Internet

HARDENINGIf remote access to iView is required, implement a VPN with current security patches and strong access controls

CVEs (1)

CVE-2022-3323

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/50a98050-0078-47f5-b716-1bb13de75db6