Advisory ID: ZDI-20-851 CVE ID: CVE-2020-14497 CVSS Score: 7.5 Affected Vendor: Advantech Affected Product: iView Vulnerability Details: - The vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView due to improper validation of a user-supplied string within the TaskEditDeviceTable class. - An attacker can exploit this to disclose stored credentials, leading to further compromise. Additional Details: Advantech has issued an update to correct the vulnerability. More details can be found at: https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33 Disclosure Timeline: - 2020-03-18: Vulnerability reported to vendor - 2020-07-16: Coordinated public release of advisory Credit: rgod