![]() MITIGATIONSĪdvantech recommends updating firmware to Version 5. Selim Enes Karaduman working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA. COUNTRIES/AREAS DEPLOYED: East Asia, Europe, United States.CRITICAL INFRASTRUCTURE SECTORS: Multiple.A CVSS v3 base score of 9.1 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ![]() The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.ĬVE-2021-32932 has been assigned to this vulnerability. 3.2.2 IMPROPER NUETRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code.ĬVE-2021-32930 has been assigned to this vulnerability. The following versions of Advantech’s iView product are affected:ģ.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Successful exploitation of these vulnerabilities could allow an attacker to disclose information and perform remote code execution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |