Advantech WebAccess/SCADA
Recommended action: Plan Patch
CVSS score: 8.8
Source: ICS-CERT ICSA-25-352-06
Published: Dec 18, 2025
Attack Vector: Network
Auth Required: Low (valid application credentials)
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/SCADA versions 9.2.1 and earlier contain path traversal (CWE-22, CWE-36), unrestricted file upload (CWE-434) and SQL injection (CWE-89) weaknesses that let authenticated users read or modify the remote database without the authorization checks the application should enforce. An attacker holding valid application credentials could access sensitive configuration data, historical records or alarm settings, and could inject database commands of their own.
What this means
What could happen
An authenticated attacker could read sensitive data from or modify the SCADA database, potentially altering process configurations, historical data, or alarm settings critical to energy operations.
Who's at risk
Energy sector operators running Advantech WebAccess/SCADA version 9.2.1 or earlier, particularly those using it for data acquisition, process monitoring or alarm management in power generation, transmission or distribution systems.
How it could be exploited
An attacker with valid WebAccess/SCADA user credentials can use the path traversal, file upload or SQL injection weakness to reach the backend database without the authorization checks the application is supposed to apply. From there the attacker could read sensitive operational data or inject SQL to modify database contents. Because the only prerequisite is an ordinary authenticated session, a compromised or shared operator account is enough; no administrative rights are required.
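To make the three weakness classes named above concrete, the following added Python example (not Advantech code, and not an exploit for this advisory; WebAccess/SCADA's own implementation is not shown on this page) puts a vulnerable form of each next to a hardened one: path traversal (CWE-22 and its absolute-path variant CWE-36), upload filename handling (CWE-434) and SQL query construction (CWE-89). The directory names, the in-memory alarms table and the allowed-extension list are constructed for the example and are not taken from the product.

```python
"""Vulnerable vs hardened handling for the CWE classes in the advisory.

Illustrative example added to the advisory page; the directories, the
ALLOWED_UPLOAD_EXT list and the alarms table are hypothetical sample data.
"""
import os
import sqlite3
from pathlib import Path

# --- CWE-22 / CWE-36: path traversal ---------------------------------------

def unsafe_resolve(base_dir: str, user_path: str) -> str:
    """Vulnerable: the caller-supplied name is joined straight onto base_dir.
    '../' segments walk out of base_dir (CWE-22) and an absolute path replaces
    base_dir entirely (CWE-36), because os.path.join discards the left side
    when the right side is rooted."""
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir: str, user_path: str) -> Path:
    """Hardened: canonicalise base and candidate, then require the candidate
    to sit at or below base. Any escape, relative or absolute, raises."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return target


# --- CWE-434: unrestricted file upload ---------------------------------------

ALLOWED_UPLOAD_EXT = {".csv", ".xml"}  # hypothetical allowlist for this demo


def safe_upload_target(upload_dir: str, filename: str) -> Path:
    """Hardened upload handling: keep only the final path component, allowlist
    the extension, then confine the result with safe_resolve."""
    name = Path(filename).name  # drops any directory part the client sent
    if not name or name.startswith("."):
        raise ValueError("empty or hidden upload filename")
    if Path(name).suffix.lower() not in ALLOWED_UPLOAD_EXT:
        raise ValueError(f"upload type not allowed: {name!r}")
    return safe_resolve(upload_dir, name)


# --- CWE-89: SQL injection ---------------------------------------------------

def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a SCADA alarm-limit table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE alarms (id INTEGER PRIMARY KEY, tag TEXT, "
        "limit_hi REAL, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO alarms (tag, limit_hi, owner) VALUES (?, ?, ?)",
        [("TURBINE1_RPM", 3600.0, "operator1"),
         ("XFMR2_TEMP", 95.0, "operator1"),
         ("FEEDER7_AMPS", 400.0, "operator2")],
    )
    return conn


def unsafe_alarms_for(conn: sqlite3.Connection, owner: str) -> list:
    """Vulnerable: the owner value is spliced into the statement, so a quote
    in the input changes the query instead of being matched as data."""
    sql = f"SELECT tag, limit_hi FROM alarms WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def safe_alarms_for(conn: sqlite3.Connection, owner: str) -> list:
    """Hardened: a bound parameter; the same payload simply matches no row."""
    return conn.execute(
        "SELECT tag, limit_hi FROM alarms WHERE owner = ?", (owner,)
    ).fetchall()


def is_rejected(func, *args) -> bool:
    """True if func(*args) raises ValueError (used to check the hardened paths)."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "operator2' OR '1'='1"
    print("unsafe join :", unsafe_resolve("/srv/scada/reports", "/etc/passwd"))
    print("safe join   :", is_rejected(safe_resolve, "/srv/scada/reports", "/etc/passwd"))
    print("upload .asp :", is_rejected(safe_upload_target, "/srv/scada/uploads", "../../web/x.asp"))
    print("unsafe SQL  :", unsafe_alarms_for(demo_db(), payload))
    print("safe SQL    :", safe_alarms_for(demo_db(), payload))
```

The hardened SQL form bounds what a stolen low-privilege account can do to the query, but it does not change the advisory's core problem: the database operations are reachable without an authorization check on the caller's role. That is why the fix is the vendor update, with network segmentation and credential hygiene as interim controls.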
Prerequisites
- Valid WebAccess/SCADA user credentials (engineering or operator account)
- Network access to the WebAccess/SCADA application
- Version 9.2.1 or earlier deployed
Risk factors
- Requires valid credentials, but user accounts are common
- High CVSS score (8.8)
- Database access could expose or corrupt operational data
- Affects historian and configuration data critical to energy operations
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product: WebAccess/SCADA
Affected Versions: 9.2.1
Fix Status: fixed in 9.2.2
Remediation & Mitigation
- Schedule: requires a maintenance window. Patching may require a device reboot, so plan for process interruption.
- Hotfix: update WebAccess/SCADA to version 9.2.2 or later.
API:
/api/v1/advisories/507266ea-5a95-41b5-8add-4eb07c8c4975