Cyber Resilience

CVE-2022-50591

HighPublic PoC

Published: 06 November 2025

Published
06 November 2025
Modified
24 November 2025
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0018 39.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-50591 is a high-severity SQL Injection (CWE-89) vulnerability in Advantech Iview. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-50591 is a critical vulnerability in Advantech iView versions prior to v5.7.04 build 6425. It exists within the SNMP management tool, where attackers can bypass authentication checks to access a SQL injection flaw in the ‘ztp_config_id’ parameter of the ‘NetworkServlet’ endpoint. The issue, linked to CWE-89 (SQL Injection) and CWE-306 (Missing Authentication for Critical Function), carries a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction. By leveraging the SNMP tool to evade checks and injecting malicious payloads into the vulnerable parameter, they achieve high-impact confidentiality, integrity, and availability effects, primarily through exfiltration of user data including cleartext passwords.

Advantech recommends upgrading to iView v5.7.04 build 6425 or later to mitigate the vulnerability, as detailed in their firmware support advisory. Additional technical analysis and exploitation details are provided in advisories from Exodus Intelligence and VulnCheck.

EU & UK References

Vulnerability details

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful…

more

exploitation allows for the exfiltration of user data, included clear text passwords.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

CVE enables unauthenticated remote exploitation of a public-facing web application (NetworkServlet) via SNMP tool bypass (T1190) and SQL injection for database data exfiltration including cleartext passwords (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50593Same product: Advantech Iview
CVE-2025-53515Same product: Advantech Iview
CVE-2025-52577Same product: Advantech Iview
CVE-2025-53475Same product: Advantech Iview
CVE-2025-52694Same vendor: Advantech
CVE-2025-14850Same vendor: Advantech
CVE-2025-62630Same vendor: Advantech
CVE-2025-34256Same vendor: Advantech
CVE-2025-58423Same vendor: Advantech
CVE-2025-59171Same vendor: Advantech

Affected Assets

advantech
iview
≤ 5.7.04.6425

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Information Input Validation directly prevents SQL injection attacks by ensuring the 'ztp_config_id' parameter in NetworkServlet rejects malicious payloads.

prevent

Permitted Actions Without Identification or Authentication ensures no critical functions like the SNMP tool bypass to NetworkServlet are allowed without proper authentication.

prevent

Flaw Remediation mandates timely patching of the vulnerability as recommended by Advantech, preventing exploitation in affected iView versions.

References