Multiple Critical Vulnerabilities in Advantech WebAccess/SCADA
Advantech WebAccess/SCADA has been found to contain several critical vulnerabilities, including an unrestricted file upload flaw (CVE-2025-14849) and a directory traversal vulnerability (CVE-2025-14850). The unrestricted file upload issue could allow a remote attacker to execute arbitrary code on affected systems, while the directory traversal flaw may enable attackers to delete arbitrary files. Both vulnerabilities are remotely exploitable and have been assigned high CVSS scores, indicating significant risk to organizations using this software in critical infrastructure sectors.
CISA has issued an advisory confirming that these vulnerabilities affect Advantech WebAccess/SCADA version 9.2.1, and recommends updating to version 9.2.2 to mitigate the risks. The vulnerabilities impact organizations in sectors such as critical manufacturing, energy, and water and wastewater, with deployments worldwide. Exploitation of these flaws could allow authenticated attackers to read or modify remote databases, potentially leading to severe operational disruptions.
Related Stories
Multiple Industrial Control System Vulnerabilities Disclosed by CISA
CISA released a coordinated set of advisories detailing newly discovered vulnerabilities affecting a range of industrial control system (ICS) products from vendors including Advantech, Johnson Controls, Mitsubishi Electric, and SolisCloud. The vulnerabilities include a critical SQL injection flaw in Advantech iView (CVE-2025-13373), improper certificate expiration validation in Johnson Controls iSTAR (CVE-2025-61736), cleartext storage of sensitive information in Mitsubishi Electric GX Works2 (CVE-2025-3784), a forced browsing vulnerability in Johnson Controls OpenBlue Mobile Web Application (CVE-2025-26381), and an authorization bypass in SolisCloud Monitoring Platform (CVE-2025-13932). These flaws could allow attackers to access or modify sensitive data, disrupt communications, or gain unauthorized access to critical infrastructure systems. CISA's advisories provide technical details, affected product versions, and recommended mitigations, such as software updates and network segmentation, to reduce the risk of exploitation. The vulnerabilities impact products deployed globally across sectors such as critical manufacturing, energy, commercial facilities, and government services. Some advisories note that fixes are available, while others indicate that patches are still under development or that vendors have not responded to coordination efforts. CISA urges organizations using these products to review the advisories and implement recommended mitigations to protect against potential attacks targeting these ICS environments.
3 months ago
Multiple ICS Vulnerabilities Disclosed in November 2025 CISA Advisories
CISA published four new advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from Advantech, Ubia, and ABB. The vulnerabilities include improper input neutralization, path traversal, use of hard-coded credentials, insufficiently protected credentials, and improper validation of input types. Exploitation of these flaws could allow attackers to achieve remote code execution, denial-of-service, unauthorized access to camera feeds, or full remote control of affected devices. The impacted products are Advantech DeviceOn/iEdge (v2.0.2 and prior), Ubia Ubox (v1.1.124), and multiple ABB FLXeon controller models (various versions up to 9.3.5). CISA recommends immediate review of the technical details and implementation of mitigations provided in the advisories. Notably, the Ubia Ubox vulnerability remains uncoordinated with the vendor, increasing risk for users. Organizations using these ICS products should prioritize patching, restrict network exposure, and follow CISA's defensive measures to minimize exploitation risk. The advisories underscore the ongoing threat to critical infrastructure posed by vulnerabilities in widely deployed ICS equipment.
4 months ago
CISA Adds OpenPLC ScadaBR Vulnerabilities to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities affecting OpenPLC ScadaBR to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the active exploitation risk these flaws pose to federal and private sector networks. The most recent addition is CVE-2021-26828, an unrestricted file upload vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files on both Linux and Windows versions of OpenPLC ScadaBR. An additional vulnerability, CVE-2021-26829, a cross-site scripting (XSS) flaw, was also recently added to the catalog, impacting similar versions of the software. CISA has mandated that federal agencies remediate these vulnerabilities by December 24, 2025, in accordance with Binding Operational Directive 22-01, and strongly encourages private organizations to do the same to mitigate the risk of exploitation. These vulnerabilities are considered significant attack vectors for malicious cyber actors, as they can enable remote code execution and compromise of industrial control systems. The KEV catalog serves as a prioritized list for vulnerability management, and CISA's advisories stress the importance of timely remediation to protect critical infrastructure. Organizations are urged to review the KEV catalog and address these vulnerabilities promptly to reduce their exposure to active threats targeting OpenPLC ScadaBR deployments.
3 months ago