GCVE - cpe:2.3:a:advantech:webaccess\/scada:9.2.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:advantech:webaccess\/scada:9.2.1:*:*:*:*:*:*:*

part: a version: 9.2.1 update: *

Vendor	Advantech (`fedf766b-bee1-5692-bcc7-1aa8d9dc594c`)
Product	Webaccess/Scada (`eb40415d-1b79-5946-ba6d-49672f3502af`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-67653`	vulnerable	2026-06-03 15:11:02.157477	Advantech WebAccess/SCADA Path Traversal MEDIUM (4.3) Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files. Published: 2025-12-18T20:38:12.958Z Updated: 2025-12-18T21:46:25.952Z Open on db.gcve.eu Reference links https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-46268`	vulnerable	2026-06-03 15:01:19.396599	Advantech WebAccess/SCADA SQL Injection MEDIUM (6.3) Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands. Published: 2025-12-18T20:35:36.866Z Updated: 2025-12-18T21:46:32.063Z Open on db.gcve.eu Reference links https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-14850`	vulnerable	2026-06-03 14:58:56.039516	Advantech WebAccess/SCADA Improper Limitation of a Pathname to a Restricted Directory HIGH (8.1) Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files. Published: 2025-12-18T20:30:56.575Z Updated: 2025-12-18T21:46:52.446Z Open on db.gcve.eu Reference links https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-14849`	vulnerable	2026-06-03 14:58:56.039020	Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type HIGH (8.8) Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code. Published: 2025-12-18T20:32:38.746Z Updated: 2025-12-18T21:46:46.491Z Open on db.gcve.eu Reference links https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-14848`	vulnerable	2026-06-03 14:58:56.038553	Advantech WebAccess/SCADA Absolute Path Traversal MEDIUM (4.3) Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files. Published: 2025-12-18T20:34:03.497Z Updated: 2025-12-18T21:46:40.178Z Open on db.gcve.eu Reference links https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.