Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Third Party Advisory US Government Resource |
https://www.zerodayinitiative.com/advisories/ZDI-20-859/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2020-07-15T02:19:48
Updated: 2020-07-16T17:06:15
Reserved: 2020-06-19T00:00:00
Link: CVE-2020-14501
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-15T03:15:50.607
Modified: 2020-07-22T15:08:12.010
Link: CVE-2020-14501
JSON object: View
Redhat Information
No data.
CWE