CVE-2021-22656

7.5 HIGH

📋 TL;DR

CVE-2021-22656 is a directory traversal vulnerability in Advantech iView that allows attackers to read sensitive files outside the intended directory. This affects organizations using Advantech iView versions before 5.7.03.6112 for industrial control system monitoring and management.

💻 Affected Systems

Products:
  • Advantech iView
Versions: All versions prior to v5.7.03.6112
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: iView is typically deployed in industrial control environments for device monitoring and management.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading configuration files containing credentials, followed by lateral movement within industrial control networks.

🟠 Likely Case

Unauthorized access to sensitive configuration files, potentially exposing credentials, network information, and system details.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to vulnerable systems.

🌐 Internet-Facing: HIGH - Directory traversal vulnerabilities are easily exploitable when systems are internet-facing.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or through compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities are simple to exploit with basic HTTP requests using ../ sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.7.03.6112

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

Restart Required: Yes

Instructions:

1. Download iView v5.7.03.6112 or later from the Advantech support portal.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the iView service.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate iView systems from untrusted networks and internet access

Web Application Firewall

all

Deploy WAF with directory traversal protection rules

🧯 If You Can't Patch

  • Implement strict network access controls to limit iView access to authorized IPs only
  • Monitor for unusual file access patterns and ../ sequences in web server logs

🔍 How to Verify

Check if Vulnerable:

Check iView version in web interface or installation directory. Versions below 5.7.03.6112 are vulnerable.

Check Version:

Check web interface login page or installation directory for version information

Verify Fix Applied:

Confirm the version is 5.7.03.6112 or higher, and test that directory traversal attempts return proper errors.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ sequences
  • Access to unexpected file paths in web logs
  • Failed attempts to access system files

Network Indicators:

  • HTTP requests with directory traversal payloads to iView endpoints
  • Unusual file downloads from iView server

SIEM Query:

source="iView_logs" AND (uri="*../*" OR uri="*..\\*" OR (status=200 AND (uri="*.config" OR uri="*.ini")))
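
The log indicators above, applied offline to access-log lines, as an added example that is not part of the original advisory or any vendor tooling. It also percent-decodes each URI before matching, since a literal `../` pattern misses encoded forms. The access-log format, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed format: Common Log Format style access-log lines (not confirmed for iView).
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
SENSITIVE_EXT = ('.config', '.ini')

# Constructed sample lines; the paths are hypothetical, not real iView endpoints.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Feb/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Feb/2021:10:00:02 +0000] "GET /download?file=..%2f..%2fapp.ini HTTP/1.1" 200 2048',
    '10.0.0.9 - - [10/Feb/2021:10:00:03 +0000] "GET /download?file=%252e%252e%255cboot.txt HTTP/1.1" 404 0',
    '10.0.0.7 - - [10/Feb/2021:10:00:04 +0000] "GET /settings/web.config HTTP/1.1" 200 900',
]

def normalize(uri, rounds=3):
    """Percent-decode repeatedly so single- and double-encoded sequences become visible."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(line):
    """Return the indicator names that fire for one access-log line (empty if none)."""
    m = LINE_RE.search(line)
    if not m:
        return []
    uri = normalize(m.group('uri'))
    status = int(m.group('status'))
    hits = []
    if TRAVERSAL_RE.search(uri):
        hits.append('traversal_sequence')
        if status == 200:
            hits.append('traversal_served')  # request succeeded: treat as possible disclosure
    path = uri.split('?', 1)[0].lower()
    if status == 200 and (path.endswith(SENSITIVE_EXT) or uri.lower().endswith(SENSITIVE_EXT)):
        hits.append('sensitive_file_served')
    return hits

def scan(lines):
    """Map 1-based line numbers to their indicators, skipping clean lines."""
    return {n: h for n, line in enumerate(lines, 1) if (h := classify(line))}

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(n, hits)
```

A `traversal_served` hit deserves the highest priority in triage because it pairs a traversal sequence with a successful response.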
