Summary
Successful exploitation of these vulnerabilities could allow an authenticated attacker to read or modify a remote database.
The following versions of Advantech WebAccess/SCADA are affected:
- WebAccess/SCADA (CVE-2025-14850, CVE-2025-14849, CVE-2025-14848, CVE-2025-46268, CVE-2025-67653)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.8 | Advantech | Advantech WebAccess/SCADA | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Unrestricted Upload of File with Dangerous Type, Absolute Path Traversal, Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Taiwan, Province of China
Vulnerabilities
CVE-2025-14850
The affected product is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
Affected Products
Advantech WebAccess/SCADA
Vendor: Advantech
Product Version: Advantech WebAccess/SCADA: 9.2.1
Product Status: known_affected
Remediations
Vendor fix
Advantech recommends that users update WebAccess/SCADA to Version 9.2.2.
Relevant CWE: CWE-
[…]
This article has been indexed from All CISA Advisories