CVE-2020-14501
CRITICALAdvantech iView < 5.6 - Unauthenticated Information Disclosure and Account Deletion
Title source: llmDescription
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-859/
Scores
CVSS v3
9.8
EPSS
0.0034
EPSS Percentile
56.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
advantech/iview
< 5.6
Published
Jul 15, 2020
Tracked Since
Feb 18, 2026