All news with #advantech tag
Thu, December 4, 2025
Advantech iView SQL Injection Vulnerability (CVE-2025-13373)
⚠️ Advantech iView versions 5.7.05.7057 and earlier are affected by an SQL injection vulnerability in SNMP v1 trap handling (port 162) that can be exploited remotely with low attack complexity. CISA assigns CVE-2025-13373 a CVSS v4 base score of 8.7 (CVSS v3.1: 7.5). Successful exploitation could disclose, modify, or delete data. Advantech recommends updating to iView v5.8.1; CISA advises network isolation, firewalls, and secure remote access.
Thu, November 6, 2025
CISA Releases Four Industrial Control Systems Advisories
🔔 CISA released four Industrial Control Systems (ICS) advisories covering Advantech DeviceOn iEdge, Ubia Ubox, ABB FLXeon Controllers, and an update for Hitachi Energy Asset Suite. Each advisory provides technical details on identified vulnerabilities and recommended mitigations. Users and administrators are urged to review the advisories and apply mitigations promptly.
Thu, November 6, 2025
Advantech DeviceOn/iEdge: Multiple Remote Flaws Report
⚠️ Advantech DeviceOn/iEdge versions 2.0.2 and earlier contain multiple remotely exploitable vulnerabilities, including XSS and several path-traversal flaws assigned CVE-2025-64302, CVE-2025-62630, CVE-2025-59171, and CVE-2025-58423. Successful exploitation may lead to denial-of-service, arbitrary file disclosure, or remote code execution with system-level permissions. CISA notes the products are EOL and recommends upgrading to DeviceOn, isolating devices from the internet, and using secure remote access methods to reduce risk.