Vulnerability Details : CVE-2020-14497
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities in which an attacker-controlled string is used in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
Vulnerability category: SQL Injection, Execute code
Products affected by CVE-2020-14497
- cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14497
- EPSS score: 1.25% (probability of exploitation activity in the next 30 days)
- Percentile: ~77% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-14497
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-14497
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2020-14497
- https://www.zerodayinitiative.com/advisories/ZDI-20-866/ (ZDI-20-866 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-827/ (ZDI-20-827 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-868/ (ZDI-20-868 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-837/ (ZDI-20-837 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-836/ (ZDI-20-836 | Zero Day Initiative; Third Party Advisory)
- https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 (Advantech iView | CISA; Third Party Advisory; US Government Resource)
- https://www.zerodayinitiative.com/advisories/ZDI-20-844/ (ZDI-20-844 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-854/ (ZDI-20-854 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-862/ (ZDI-20-862 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-855/ (ZDI-20-855 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-858/ (ZDI-20-858 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-843/ (ZDI-20-843 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-832/ (ZDI-20-832 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-839/ (ZDI-20-839 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-833/ (ZDI-20-833 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-857/ (ZDI-20-857 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-845/ (ZDI-20-845 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-869/ (ZDI-20-869 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-847/ (ZDI-20-847 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-849/ (ZDI-20-849 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-864/ (ZDI-20-864 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-838/ (ZDI-20-838 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-863/ (ZDI-20-863 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-828/ (ZDI-20-828 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-846/ (ZDI-20-846 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-865/ (ZDI-20-865 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-860/ (ZDI-20-860 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-850/ (ZDI-20-850 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-835/ (ZDI-20-835 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-842/ (ZDI-20-842 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-856/ (ZDI-20-856 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-851/ (ZDI-20-851 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-861/ (ZDI-20-861 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-848/ (ZDI-20-848 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-852/ (ZDI-20-852 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-853/ (ZDI-20-853 | Zero Day Initiative; Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-20-830/ (ZDI-20-830 | Zero Day Initiative; Third Party Advisory)