CVE-2023-52335

Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183	Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-24-610/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*

History

09 Jan 2025, 16:05

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de divulgación de información mediante inyección SQL en ConfigurationServlet de Advantech iView. Esta vulnerabilidad permite a atacantes remotos divulgar información confidencial sobre las instalaciones afectadas de Advantech iView. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe dentro del servlet ConfigurationServlet, que escucha en el puerto TCP 8080 de manera predeterminada. Al analizar el elemento column_value, el proceso no valida correctamente una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esta vulnerabilidad para divulgar credenciales almacenadas, lo que conduce a una mayor vulnerabilidad. Era ZDI-CAN-17863.
CPE		cpe:2.3:a:advantech:iview::::::::
First Time		Advantech Advantech iview
References	~~() https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 -~~	() https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 - Release Notes
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-24-610/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-24-610/ - Third Party Advisory

22 Nov 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-22 20:15

Updated : 2025-01-09 16:05

NVD link : CVE-2023-52335

Mitre link : CVE-2023-52335

CVE.ORG link : CVE-2023-52335

JSON object : View

Products Affected

advantech

iview

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-52335", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-22T20:15:07.927", "references": [{"url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183", "tags": ["Release Notes"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-610/", "tags": ["Third Party Advisory"], "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863."}, {"lang": "es", "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n mediante inyecci\u00f3n SQL en ConfigurationServlet de Advantech iView. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Advantech iView. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del servlet ConfigurationServlet, que escucha en el puerto TCP 8080 de manera predeterminada. Al analizar el elemento column_value, el proceso no valida correctamente una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esta vulnerabilidad para divulgar credenciales almacenadas, lo que conduce a una mayor vulnerabilidad. Era ZDI-CAN-17863."}], "lastModified": "2025-01-09T16:05:53.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFB283D2-9626-493E-AC5C-7B9B507AC546", "versionEndExcluding": "5.7.04.6752"}], "operator": "OR"}]}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}

7.5 /10