Perceptive Security
SOC/SIEM Consultancy
Advantech iView
Published:
4 December 2025 at 12:00:00
Alert date:
5 December 2025 at 08:03:23
Source:
cisa.gov
CISA advisory about a SQL injection vulnerability (CVE-2025-13373) in Advantech iView versions 5.7.05.7057 and prior. The vulnerability has a CVSS v4 score of 8.7 and is exploitable remotely with low attack complexity. Attackers can inject SQL commands through improperly sanitized SNMP v1 trap requests on port 162, potentially allowing disclosure, modification, or deletion of sensitive data. The vulnerability affects critical manufacturing and IT infrastructure worldwide. Advantech recommends updating to iView v5.8.1 to address the issue.
Technical details
Mitigation steps:
Affected products:
Advantech iView
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/89.html
https://www.cve.org/CVERecord?id=CVE-2025-13373
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.