
Description

Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-04 | Updated 2025-12-04 | Assigner icscert




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status: unaffected

5.7.05.7057: affected

5.8.1: unaffected

Credits

m00nback reported this vulnerability to CISA. (finder)

References

www.advantech.com/.../support/details/firmware?id=1-HIPU-183

www.cisa.gov/news-events/ics-advisories/icsa-25-338-07

github.com/...p/csaf_files/OT/white/2025/icsa-25-338-07.json

cve.org (CVE-2025-13373)

nvd.nist.gov (CVE-2025-13373)
