CVE-2022-50594

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including cleartext passwords.

Configurations

Configuration 1

cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*

History

17 Jun 2026, 05:23

Type | Values Removed | Values Added
Summary | | (es) Advantech iView versions prior to v5.7.04 build 6425 have a vulnerability in the SNMP management tool that allows remote attackers to bypass authentication checks and reach a SQL injection vulnerability in the 'data' parameter of the 'NetworkServlet' endpoint. Successful exploitation allows the exfiltration of user data, including cleartext passwords.

24 Nov 2025, 18:18

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*
First Time | | Advantech iview; Advantech
References | () https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/ - | () https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/ - Third Party Advisory
References | () https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 - | () https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 - Vendor Advisory
References | () https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure - | () https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure - Third Party Advisory
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.5

06 Nov 2025, 20:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-11-06 20:15

Updated : 2026-06-17 05:23


NVD link : CVE-2022-50594

Mitre link : CVE-2022-50594

CVE.ORG link : CVE-2022-50594



Products Affected

advantech

  • iview

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-306

Missing Authentication for Critical Function