Advantech WebAccess/SCADA
Plan Patch | CVSS 8.8 | ICS-CERT ICSA-25-352-06 | Dec 18, 2025
Advantech | Energy
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/SCADA version 9.2.1 contains path traversal, file upload, SQL injection, and symbolic link vulnerabilities that allow an authenticated attacker to read or modify the remote database. These vulnerabilities are present in the core application and are exploitable by users with valid credentials.
What this means
What could happen
An authenticated attacker could read or modify the SCADA database, potentially allowing them to alter process configurations, setpoints, or historical data that your operations staff rely on for decision-making.
Who's at risk
Energy utilities and any facility running Advantech WebAccess/SCADA version 9.2.1 for monitoring or controlling industrial processes. This affects operators, engineers, and system administrators who manage SCADA configurations and rely on database integrity.
How it could be exploited
An attacker with valid credentials to WebAccess/SCADA (such as an engineer account or compromised operator login) could exploit path traversal, file upload, or SQL injection vulnerabilities to access or alter the remote database that stores your control system configurations and operational data.
Prerequisites
- Valid WebAccess/SCADA user credentials (engineer, operator, or administrator account)
- Network access to the WebAccess/SCADA application, typically on port 80/443
Requires valid credentials | Could allow database modification | Affects configuration integrity | High CVSS score (8.8)
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/SCADA: 9.2.1 | 9.2.1 | 9.2.2
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update WebAccess/SCADA to version 9.2.2 or later