Advantech iView

4 december 2025 om 12:00:00

cisa.gov

CISA published an advisory for CVE-2025-13373, a SQL injection vulnerability in Advantech iView version 5.7.05.7057 and prior. The vulnerability has a CVSS v4 score of 8.7 and is remotely exploitable with low attack complexity. The flaw affects SNMP v1 trap requests on port 162, allowing attackers to inject SQL commands and potentially disclose sensitive information, modify, or delete data. Advantech recommends updating to iView v5.8.1. The vulnerability affects critical manufacturing and information technology sectors worldwide. No known public exploitation has been reported to CISA at this time.

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07 https://github.com/cisagov/CSAF https://cwe.mitre.org/data/definitions/89.html https://www.cve.org/CVERecord?id=CVE-2025-13373 https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.cisa.gov/topics/industrial-control-systems https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf https://www.cisa.gov/uscert/ncas/tips/ST04-014

Related CVE's:

CVE-2025-13373

Related threat actors:

No threat actors found in this article

Affected products:

Advantech iView

IOC's:

No IOCs found in this article