CVE-2021-22652

CRITICAL

Advantech iView <5.7.03.6112 - Code Execution

Title source: llm

Description

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

Exploits (1)

metasploit WORKING POC EXCELLENT

by wvu, Spencer McIntyre · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/advantech_iview_unauth_rce.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

Scores

CVSS v3 9.8

EPSS 0.4086

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306

Status published

Affected Products (1)

advantech/iview < 5.7.03.6112

Timeline

Published Feb 11, 2021

Tracked Since Feb 18, 2026