Cyber Posture

CVE-2022-50593

Critical · Public PoC

Published: 06 November 2025
Modified: 08 December 2025
KEV Added: not listed
Patch: available (vendor firmware update)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0032 (54.8th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-50593 is a critical-severity vulnerability in Advantech iView that chains an authentication bypass (CWE-306) with SQL injection (CWE-89) to reach remote code execution. Its CVSS 3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 45.2% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication), which addresses the authentication bypass, and SI-10 (Information Input Validation), which addresses the injection itself.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-14 Permitted Actions Without Identification or Authentication (prevent): directly addresses the authentication bypass (CWE-306) in the SNMP management tool by limiting which actions may be performed without identification or authentication.

SI-10 Information Input Validation (prevent): prevents SQL injection (CWE-89) through the 'search_term' parameter of the 'NetworkServlet' endpoint by validating information inputs and keeping user-supplied values out of the query text.

SI-2 Flaw Remediation (prevent): mitigates the vulnerability by requiring identification, reporting, and timely remediation of flaws, including application of the vendor-provided firmware update to v5.7.04 build 6425.
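The contrast SI-10 is about, as an added example that is not iView's code and not from the page or the vendor: a constructed SQLite table with a search function that splices search_term into the query text (the vulnerable pattern the advisory describes), beside one that binds the value as a parameter and one that additionally validates it. The schema, table name, column names and the allowed character set are assumptions for illustration; the real NetworkServlet backend and schema are not known here.

```python
import sqlite3

# Constructed toy data standing in for whatever table the real servlet
# queries (assumption: the iView schema is not known here).
_SAMPLE_DEVICES = [
    ("switch-01", "10.0.0.1", "public-net"),
    ("plc-gateway", "10.0.0.2", "ot-net"),
    ("admin-console", "10.0.0.3", "mgmt-net"),
]


def build_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, ip TEXT, segment TEXT)")
    conn.executemany("INSERT INTO devices VALUES (?, ?, ?)", _SAMPLE_DEVICES)
    return conn


def search_vulnerable(conn: sqlite3.Connection, search_term: str) -> list:
    """Vulnerable pattern: the attacker-controlled term becomes part of the SQL
    text, so a quote in search_term terminates the literal and the rest of the
    value is parsed as SQL (the CWE-89 condition the advisory describes)."""
    sql = f"SELECT name, ip FROM devices WHERE segment = '{search_term}'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn: sqlite3.Connection, search_term: str) -> list:
    """Primary fix: the term is bound as a parameter, never parsed as SQL, so a
    payload such as x' OR '1'='1 is compared literally against the column."""
    sql = "SELECT name, ip FROM devices WHERE segment = ?"
    return conn.execute(sql, (search_term,)).fetchall()


def search_hardened(conn: sqlite3.Connection, search_term: str) -> list:
    """SI-10 layered on top: reject anything outside the expected shape of a
    segment name before the query runs (the allowed alphabet is an assumption)."""
    if not search_term or len(search_term) > 64:
        raise ValueError("search_term must be 1-64 characters")
    if not search_term.replace("-", "").isalnum():
        raise ValueError("search_term may contain only letters, digits and hyphens")
    return search_parameterized(conn, search_term)
```

Parameter binding is the control that actually removes the injection; the allowlist check is a second layer that also shrinks the attack surface for whatever the query does next. Note that validation alone, without binding, is brittle: an allowlist tuned for one query is easily loosened later.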

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2022-50593 enables unauthenticated remote exploitation of a public-facing web servlet (NetworkServlet): the authentication bypass exposes the servlet, and SQL injection through its 'search_term' parameter leads to remote code execution with administrator privileges. That sequence is exactly T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
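A log-based detection for the T1190 activity described above, written as an added example rather than anything from the page, MITRE or the vendor: it parses web-server access-log lines in Common Log Format, URL-decodes the search_term parameter of requests to NetworkServlet, and flags values carrying SQL metacharacters or keywords. The log lines are constructed (not real iView logs), and the /iView/NetworkServlet path, the CLF layout and the indicator list are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Common Log Format); not real iView logs.
# Lines 2 and 3 carry URL-encoded injection attempts; line 3 also drew a 500.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Nov/2025:10:01:02 +0000] "GET /iView/NetworkServlet?action=search&search_term=switch-01 HTTP/1.1" 200 512
203.0.113.7 - - [06/Nov/2025:10:01:09 +0000] "GET /iView/NetworkServlet?action=search&search_term=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192
198.51.100.9 - - [06/Nov/2025:10:02:30 +0000] "GET /iView/NetworkServlet?action=search&search_term=plc%27%20UNION%20SELECT%20NULL--%20 HTTP/1.1" 500 211
10.0.0.5 - - [06/Nov/2025:10:03:00 +0000] "GET /iView/Status HTTP/1.1" 200 100
"""

# CLF request line: client, ident, user, [timestamp], "METHOD path protocol", status
_REQ = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Quote, comment and keyword fragments that have no place in a device search term.
_SQLI = re.compile(
    r"('|--|/\*|;|\bUNION\b|\bSELECT\b|\bSLEEP\b|\bWAITFOR\b|\bOR\b\s+\S+=)",
    re.IGNORECASE,
)


def parse_line(line: str):
    """Split one CLF line into client, timestamp, path, status and decoded query params.
    Returns None for lines that do not match the expected layout."""
    m = _REQ.match(line)
    if not m:
        return None
    parts = urlsplit(m["path"])
    # parse_qs performs the first round of percent-decoding.
    params = parse_qs(parts.query, keep_blank_values=True)
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "path": parts.path,
        "status": int(m["status"]),
        "params": params,
    }


def find_sqli_attempts(log_text: str, servlet: str = "NetworkServlet", param: str = "search_term") -> list:
    """Return one record per request to `servlet` whose `param` value shows an
    injection indicator, in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith("/" + servlet):
            continue
        for value in rec["params"].get(param, []):
            # A second decode catches double-encoded payloads (e.g. %2527 for a quote).
            decoded = unquote(value)
            m = _SQLI.search(decoded)
            if m:
                hits.append({
                    "ip": rec["ip"],
                    "ts": rec["ts"],
                    "status": rec["status"],
                    "search_term": decoded,
                    "indicator": m.group(0),
                })
    return hits


if __name__ == "__main__":
    for hit in find_sqli_attempts(SAMPLE_LOG):
        print(hit)
```

Pair the parameter check with the response status: a burst of 500s from NetworkServlet with quote characters in search_term is a stronger signal than either alone, since a bare quote breaking the query typically surfaces as a server error before the attacker tunes the payload. Pre-authentication hits (no session cookie on the request) are the ones that match this CVE's CWE-306 path.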

NVD Description

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the 'search_term' parameter to the 'NetworkServlet' endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Deeper analysis

CVE-2022-50593 is a critical vulnerability (CVSS 9.8) affecting Advantech iView versions prior to v5.7.04 build 6425. It resides in the SNMP management tool, where attackers can bypass authentication checks to access a SQL injection flaw in the 'search_term' parameter of the 'NetworkServlet' endpoint. The issue combines CWE-89 (SQL Injection) and CWE-306 (Missing Authentication for Critical Function), enabling escalation to remote code execution with administrator privileges.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction, as the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates. Successful exploitation yields remote code execution with administrator privileges on the affected iView instance, which in turn exposes the industrial control and SCADA devices that iView manages.

Advantech has addressed the vulnerability via a firmware update to version 5.7.04 build 6425, detailed in their support advisory at https://www.advantech.tw/support/details/firmware?id=1-HIPU-183. Additional technical analysis is available from Exodus Intelligence (https://blog.exodusintel.com/2022/03/01/advantech-iview-search_term-parameter-sql-injection-remote-code-execution-vulnerability/) and VulnCheck (https://www.vulncheck.com/advisories/advantech-iview-searchterm-parameter-sqli-rce), recommending immediate patching and network segmentation for exposed SNMP interfaces.

Details

CWE(s)

CWE-89 (SQL Injection), CWE-306 (Missing Authentication for Critical Function)

Affected Products

advantech iview: versions prior to 5.7.04 build 6425 (the product listing of ≤ 5.7.04.6425 would include the fixed build; the NVD description places only earlier builds in scope)
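An inventory triage helper for the affected range, added here and not part of the page or the vendor advisory: it parses version strings in the two forms the page uses (5.7.04 build 6425 and 5.7.04.6425) into comparable tuples and treats only builds prior to 5.7.04 build 6425 as affected, so the fixed build itself is not flagged. The accepted string formats and the choice to treat a missing build number as the oldest build are assumptions.

```python
import re

# Fixed release per the vendor advisory: v5.7.04 build 6425.
FIXED_VERSION = (5, 7, 4, 6425)

# Accepts "5.7.04 build 6425", "v5.7.04.6425" and "5.7.03" (formats assumed).
_VER = re.compile(
    r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[.\s]+(?:build\s+)?(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_iview_version(text: str) -> tuple:
    """Parse a version string into (major, minor, patch, build).
    A missing build number is treated as build 0, i.e. the oldest possible
    build of that version, so an incomplete inventory entry errs toward review."""
    m = _VER.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build) if build else 0)


def is_affected(version_text: str) -> bool:
    """True for builds strictly prior to 5.7.04 build 6425; the fixed build is clean."""
    return parse_iview_version(version_text) < FIXED_VERSION


def triage(inventory) -> list:
    """inventory: iterable of (hostname, version string). Returns the affected hosts."""
    return [host for host, version in inventory if is_affected(version)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("hmi-01", "5.7.03"), ("hmi-02", "5.7.04 build 6424"), ("hmi-03", "v5.7.04.6425")]
    print(triage(sample))
```

The strict less-than comparison is the point: an inequality of the form "≤ 5.7.04.6425" would report the patched build as vulnerable and send a team chasing hosts that are already fixed.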

CVEs Like This One

CVE-2025-53515 (same product: Advantech iView)
CVE-2025-52577 (same product: Advantech iView)
CVE-2022-50591 (same product: Advantech iView)
CVE-2025-53475 (same product: Advantech iView)
CVE-2025-52694 (same vendor: Advantech)
CVE-2025-62630 (same vendor: Advantech)
CVE-2025-14850 (same vendor: Advantech)
CVE-2025-58423 (same vendor: Advantech)
CVE-2025-34256 (same vendor: Advantech)
CVE-2025-59171 (same vendor: Advantech)

References