CNNVD-202512-3365 Information
CNNVD ID
CNNVD-202512-3365
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
Advantech WebAccess/SCADA是中国研华(Advantech)公司的一套基于浏览器架构的SCADA软件。该软件支持动态图形显示和实时数据控制,并提供远程控制和管理自动化设备的功能。 Advantech WebAccess/SCADA存在代码问题漏洞,该漏洞源于无限制文件上传,可能导致远程执行任意代码。
Description (English)
Advantech WebAccess/SCADA is a SCADA software package based on the browser architecture of Advantech, China. The software supports dynamic graphic display and real-time data control, as well as the functions of remote control and management of automation equipment. Advantech WebAccess/SCADA had a code loophole, which stemmed from unlimited document uploading and could lead to remote implementation of any code.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
研华
Published
2025-12-18
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06
Patch
https://www.advantech.com/en-us/industrial-automation/webaccess/webaccessscada
Share on: