Advantech iView (ICSA-20-196-01) – Product Used in the Energy and Water and Wastewater Sectors

CISA has published an advisory on SQL injection, path traversal, command injection, improper input validation, missing authentication for critical function, and improper access control vulnerabilities in Advantech iView. iView Versions 5.6 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application. Advantech has released version 5.7 of iView to address the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Access the advisory at CISA.