ICS Advantech iView NetworkServlet archiveTrapRange SQL Injection -2 (CVE-2025-52577)

Rule ID

1237528

Severity

High

Description

An SQL injection vulnerability has been reported in Advantech iView. The vulnerability is due to improper validation of user inputs in the archiveTrapRange method of the NetworkServlet class. A remote, authenticated user could exploit the vulnerability by sending crafted requests to the server. Successful exploitation could result in execution of arbitrary SQL commands on the target server.

Impact

SQL injection

Recommendation

Update vendor's patch.

IPS Category

ICS threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2025-52577

ICSA-25-191-08

T1059

T0853

T1190

T0819

Keywords

N/A

Date Created

2025/10/28

Last Updated

2025/11/04

This website uses cookies to ensure you get the best experience on our website.