CVE-2025-46268: Advantech WebAccess/SCADA SQL Injection
Published Dec 18, 2025
·Updated
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
Affected Software
2 affected components
Advantech WebAccess/SCADA
Advantech Webaccess\/scada=9.2.1
Remediation
Information
Advantech recommends users apply the following mitigations and update to WebAccess/SCADA: Version 9.2.2 https://www.advantech.com/en-us/support/details/installation .
Event History
Dec 18, 2025
CVE Published
via MITRE·08:35 PM
Data Sourced
via MITRE·08:35 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeaknessAffected Software
Sep 3, 57970
Event
via NVD·12:43 AM
Frequently Asked Questions
1
What is the severity of CVE-2025-46268?
CVE-2025-46268 is rated as high severity due to the potential for an attacker to execute arbitrary SQL commands.
2
How do I fix CVE-2025-46268?
To fix CVE-2025-46268, update your Advantech WebAccess/SCADA software to the latest version that addresses the SQL injection vulnerability.
3
What types of attacks can exploit CVE-2025-46268?
CVE-2025-46268 can be exploited to perform SQL injection attacks, allowing attackers to manipulate the database.
4
Which versions of Advantech WebAccess/SCADA are affected by CVE-2025-46268?
All versions of Advantech WebAccess/SCADA that have not been patched are susceptible to CVE-2025-46268.
5
What are the potential consequences of exploiting CVE-2025-46268?
Exploiting CVE-2025-46268 may lead to unauthorized data access, data corruption, or complete system compromise.