Cyber Resilience

CVE-2022-50593

CriticalPublic PoC

Published: 06 November 2025

Published
06 November 2025
Modified
08 December 2025
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0041 61.7th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-50593 is a critical-severity SQL Injection (CWE-89) vulnerability in Advantech Iview. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-50593 is a critical vulnerability (CVSS 9.8) affecting Advantech iView versions prior to v5.7.04 build 6425. It resides in the SNMP management tool, where attackers can bypass authentication checks to access a SQL injection flaw in the 'search_term' parameter of the 'NetworkServlet' endpoint. The issue combines CWE-89 (SQL Injection) and CWE-306 (Missing Authentication for Critical Function), enabling escalation to remote code execution with administrator privileges.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation grants full administrative remote code execution on the affected iView instance, potentially compromising industrial control systems or SCADA environments where Advantech iView is deployed for device management.

Advantech has addressed the vulnerability via a firmware update to version 5.7.04 build 6425, detailed in their support advisory at https://www.advantech.tw/support/details/firmware?id=1-HIPU-183. Additional technical analysis is available from Exodus Intelligence (https://blog.exodusintel.com/2022/03/01/advantech-iview-search_term-parameter-sql-injection-remote-code-execution-vulnerability/) and VulnCheck (https://www.vulncheck.com/advisories/advantech-iview-searchterm-parameter-sqli-rce), recommending immediate patching and network segmentation for exposed SNMP interfaces.

EU & UK References

Vulnerability details

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful…

more

exploitation allows for remote code execution with administrator privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2022-50593 enables unauthenticated remote exploitation of a public-facing web servlet (NetworkServlet) via SQL injection and authentication bypass, directly facilitating T1190: Exploit Public-Facing Application for remote code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-53515Same product: Advantech Iview
CVE-2022-50591Same product: Advantech Iview
CVE-2025-52577Same product: Advantech Iview
CVE-2025-53475Same product: Advantech Iview
CVE-2025-52694Same vendor: Advantech
CVE-2025-14850Same vendor: Advantech
CVE-2019-25678Shared CWE-306, CWE-89
CVE-2025-62630Same vendor: Advantech
CVE-2025-34256Same vendor: Advantech
CVE-2025-58423Same vendor: Advantech

Affected Assets

advantech
iview
≤ 5.7.04.6425

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the authentication bypass vulnerability (CWE-306) in the SNMP management tool by limiting permitted actions without identification or authentication.

prevent

Prevents SQL injection (CWE-89) exploitation in the 'search_term' parameter of the 'NetworkServlet' endpoint through comprehensive information input validation.

prevent

Mitigates the vulnerability by requiring identification, reporting, and timely remediation of flaws, including application of the vendor-provided firmware update to v5.7.04 build 6425.

References