ICS Advantech iView getPSInventoryInfo SQL Injection (CVE-2021-32932)

Rule ID

1139469

Severity

High

Description

A SQL injection vulnerability exists in the Advantech iView. The vulnerability is due to improper validation of usersupplied input when processing the request in getPSInventoryInfo method in NetworkServlet Java class.

Impact

SQL injection

Recommendation

Update vendor's patch.

IPS Category

ICS threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

Reference

CVE-2021-32932

ZDI-21-656

ICSA-21-154-01

Keyword

N/A

Created At

2021/07/15

Updated At

2021/07/15

This website uses cookies to ensure you get the best experience on our website.

Learn more