CNNVD-202512-3371 Information
CNNVD ID
CNNVD-202512-3371
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
Advantech WebAccess/SCADA是中国研华(Advantech)公司的一套基于浏览器架构的SCADA软件。该软件支持动态图形显示和实时数据控制,并提供远程控制和管理自动化设备的功能。 Advantech WebAccess/SCADA存在安全漏洞,该漏洞源于绝对路径遍历,可能导致确定任意文件存在。
Description (English)
Advantech WebAccess/SCADA is a SCADA software package based on the browser architecture of Advantech, China. The software supports dynamic graphic display and real-time data control, as well as the functions of remote control and management of automation equipment. There is a security loophole in Advantech WebAccess/SCADA, which stems from an absolute routing, which may lead to the establishment of an arbitrary document.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
研华
Published
2025-12-18
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06
Patch
https://www.advantech.com/en-us/industrial-automation/webaccess/webaccessscada
Share on: