CVE-2021-22652

CRITICAL

Advantech iView <5.7.03.6112 - Code Execution

Title source: llm

Description

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

Exploits (1)

metasploit WORKING POC EXCELLENT

by wvu, Spencer McIntyre · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/advantech_iview_unauth_rce.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html

Scores

CVSS v3 9.8

EPSS 0.4086

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (1)

advantech/iview < 5.7.03.6112

Published Feb 11, 2021

Tracked Since Feb 18, 2026