Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2020-14497

Disclosure Date: July 15, 2020
CVE-2020-14497 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Advantech iView Versions 5.6 and prior
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

Weaknesses

References

Canonical
CVE-2020-14497 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14497)
Miscellaneous
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01
https://www.zerodayinitiative.com/advisories/ZDI-20-847
https://www.zerodayinitiative.com/advisories/ZDI-20-827
https://www.zerodayinitiative.com/advisories/ZDI-20-868
https://www.zerodayinitiative.com/advisories/ZDI-20-852
https://www.zerodayinitiative.com/advisories/ZDI-20-862
https://www.zerodayinitiative.com/advisories/ZDI-20-860
https://www.zerodayinitiative.com/advisories/ZDI-20-846
https://www.zerodayinitiative.com/advisories/ZDI-20-844
https://www.zerodayinitiative.com/advisories/ZDI-20-845
https://www.zerodayinitiative.com/advisories/ZDI-20-855
https://www.zerodayinitiative.com/advisories/ZDI-20-857
https://www.zerodayinitiative.com/advisories/ZDI-20-854
https://www.zerodayinitiative.com/advisories/ZDI-20-864
https://www.zerodayinitiative.com/advisories/ZDI-20-849
https://www.zerodayinitiative.com/advisories/ZDI-20-832
https://www.zerodayinitiative.com/advisories/ZDI-20-835
https://www.zerodayinitiative.com/advisories/ZDI-20-848
https://www.zerodayinitiative.com/advisories/ZDI-20-838
https://www.zerodayinitiative.com/advisories/ZDI-20-850
https://www.zerodayinitiative.com/advisories/ZDI-20-856
https://www.zerodayinitiative.com/advisories/ZDI-20-866
https://www.zerodayinitiative.com/advisories/ZDI-20-842
https://www.zerodayinitiative.com/advisories/ZDI-20-837
https://www.zerodayinitiative.com/advisories/ZDI-20-865
https://www.zerodayinitiative.com/advisories/ZDI-20-851
https://www.zerodayinitiative.com/advisories/ZDI-20-828
https://www.zerodayinitiative.com/advisories/ZDI-20-853
https://www.zerodayinitiative.com/advisories/ZDI-20-843
https://www.zerodayinitiative.com/advisories/ZDI-20-839
https://www.zerodayinitiative.com/advisories/ZDI-20-858
https://www.zerodayinitiative.com/advisories/ZDI-20-830
https://www.zerodayinitiative.com/advisories/ZDI-20-861
https://www.zerodayinitiative.com/advisories/ZDI-20-863
https://www.zerodayinitiative.com/advisories/ZDI-20-869
https://www.zerodayinitiative.com/advisories/ZDI-20-833
https://www.zerodayinitiative.com/advisories/ZDI-20-836

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis