


Perceptive Security
SOC/SIEM Consultancy

Advantech iView
Published:
4 December 2025 at 12:00:00
Alert date:
5 December 2025 at 08:03:23
Source:
cisa.gov

CISA advisory about a SQL injection vulnerability (CVE-2025-13373) in Advantech iView versions 5.7.05.7057 and prior. The vulnerability has a CVSS v4 score of 8.7 and is exploitable remotely with low attack complexity. Attackers can inject SQL commands through improperly sanitized SNMP v1 trap requests on port 162, potentially allowing disclosure, modification, or deletion of sensitive data. The vulnerability affects critical manufacturing and IT infrastructure worldwide. Advantech recommends updating to iView v5.8.1 to address the issue.
Technical details
Mitigation steps:
Affected products:
Advantech iView
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/89.html
https://www.cve.org/CVERecord?id=CVE-2025-13373
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.