CNNVD-202512-3347 Information
CNNVD ID
CNNVD-202512-3347
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
Advantech WebAccess/SCADA是中国研华(Advantech)公司的一套基于浏览器架构的SCADA软件。该软件支持动态图形显示和实时数据控制,并提供远程控制和管理自动化设备的功能。 Advantech WebAccess/SCADA存在路径遍历漏洞,该漏洞源于目录遍历,可能导致确定任意文件存在。
Description (English)
Advantech WebAccess/SCADA is a SCADA software package based on the browser architecture of Advantech, China. The software supports dynamic graphic display and real-time data control, as well as the functions of remote control and management of automation equipment. Advantech WebAccess/SCADA has a loophole in its path, which originates in the directory, which may lead to the establishment of the existence of any document.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
研华
Published
2025-12-18
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06
Patch
https://www.advantech.com/en-us/industrial-automation/webaccess/webaccessscada
Share on: