PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-46268 Advantech CVE debrief

A SQL injection vulnerability in Advantech WebAccess/SCADA could allow authenticated attackers to execute arbitrary SQL commands. CISA published advisory ICSA-25-352-06 on 2025-12-18 with a vendor fix available.

Vendor
Advantech
Product
WebAccess/SCADA
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2025-12-18
Original CVE updated
2025-12-18
Advisory published
2025-12-18
Advisory updated
2025-12-18

Who should care

Organizations operating Advantech WebAccess/SCADA in industrial environments, critical infrastructure operators, OT security teams, and asset owners responsible for SCADA system maintenance.

Technical summary

CVE-2025-46268 is a SQL injection vulnerability in Advantech WebAccess/SCADA. The vulnerability has low attack complexity, requires only low privileges (PR:L), and is reachable over the network (AV:N). Successful exploitation allows an authenticated attacker to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the SCADA database. CVSS 3.1: 6.3 (MEDIUM). Advantech has released version 9.2.2 to address this issue.

Defensive priority

medium

Recommended defensive actions

  • Update Advantech WebAccess/SCADA to version 9.2.2 or later per vendor guidance
  • Apply network segmentation for ICS/SCADA systems per CISA recommended practices
  • Review and restrict database account privileges to limit SQL injection impact
  • Monitor for anomalous database queries and authentication patterns
  • Implement input validation and parameterized queries where custom code interfaces with the product
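The last two actions above are illustrated by the following added example. It is not code from the original debrief, from CISA, or from Advantech, and it assumes a constructed tag table, a constructed request-log format, and an assumed allow-list for tag names; none of these reflect the product's real schema or logs. It shows the concatenation pattern that makes SQL injection possible, the parameterized query that removes it, an input allow-list, and a simple review of logged query parameters for characters that should never appear in a tag name.

```python
import re
import sqlite3
import urllib.parse

# Constructed sample data (assumption: a tag table resembling what a SCADA
# front end might query; this is not the product's real schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (name TEXT, value REAL)")
    conn.executemany(
        "INSERT INTO tags VALUES (?, ?)",
        [("Pump1_Speed", 1450.0), ("Tank2_Level", 71.5), ("Valve_O'Brien", 1.0)],
    )
    conn.commit()
    return conn

def lookup_tag_unsafe(conn, name):
    # Vulnerable pattern: a user-controlled string becomes part of the SQL text,
    # so any quote in the input changes the structure of the statement.
    sql = "SELECT value FROM tags WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_tag_safe(conn, name):
    # Hardened pattern: a placeholder lets the driver pass the value as data;
    # it is never parsed as SQL, so quotes in the input are harmless.
    rows = conn.execute("SELECT value FROM tags WHERE name = ?", (name,))
    return [row[0] for row in rows]

# Assumed allow-list for tag names (letters, digits, underscore, dot, dash).
# Real deployments must derive this from their own naming convention.
TAG_NAME = re.compile(r"[A-Za-z0-9_.\-]{1,64}")

def validate_tag_name(name):
    # fullmatch() guarantees the whole string matches, not just a prefix.
    return TAG_NAME.fullmatch(name) is not None

# Characters that never belong in a tag-name parameter; seeing them in a
# request log is a review trigger, not proof of an attack.
SUSPICIOUS = re.compile(r"['\";]|--|/\*")

# Constructed request-log lines: "<timestamp> <user> <method> <path>?<query>".
SAMPLE_LOG = [
    "2025-12-18T10:00:01Z opuser GET /tags?name=Pump1_Speed",
    "2025-12-18T10:00:07Z opuser GET /tags?name=Valve_O%27Brien",
    "2025-12-18T10:00:09Z opuser GET /tags?name=Tank2_Level&limit=10",
]

def flag_suspicious_params(log_lines):
    # Return (parameter, decoded value) pairs whose value contains SQL
    # metacharacters, after URL-decoding so encoded quotes are not missed.
    flagged = []
    for line in log_lines:
        _, sep, query = line.partition("?")
        if not sep:
            continue
        for pair in query.split("&"):
            key, _, raw = pair.partition("=")
            value = urllib.parse.unquote_plus(raw)
            if SUSPICIOUS.search(value):
                flagged.append((key, value))
    return flagged

def demo():
    # Compare the two lookups on a legitimate name that contains a quote.
    conn = make_db()
    results = {
        "safe_plain": lookup_tag_safe(conn, "Pump1_Speed"),
        "safe_quote": lookup_tag_safe(conn, "Valve_O'Brien"),
    }
    try:
        lookup_tag_unsafe(conn, "Valve_O'Brien")
        results["unsafe_quote"] = "no error"
    except sqlite3.OperationalError:
        # The quote broke the statement: the input was parsed as SQL.
        results["unsafe_quote"] = "syntax error"
    results["flagged"] = flag_suspicious_params(SAMPLE_LOG)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The unsafe lookup fails on an ordinary apostrophe, which is the same mechanism an injection relies on; the parameterized lookup returns the row. The log check deliberately flags that legitimate apostrophe too: metacharacters in parameters are a weak signal on their own and should be correlated with the authenticated account, request rate, and subsequent database errors rather than alerted on directly.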

Evidence notes

CISA CSAF advisory ICSA-25-352-06 identifies SQL injection in WebAccess/SCADA with a CVSS 3.1 score of 6.3 (MEDIUM). The advisory names the affected product and provides vendor remediation guidance.

Official resources

CISA disclosed this vulnerability on 2025-12-18 via CSAF advisory ICSA-25-352-06. The vendor has released a patched version.