Advantech Products SQL Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A SQL injection vulnerability has been identified in multiple Advantech products, including SaaS Composer, IoTSuite Growth and Starter Linux docker, IoT Edge Linux docker and Windows, WebAccess/SCADA, and ECOWatch. It affects multiple versions prior to the latest releases. Successful exploitation could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially leading to unauthorized access to, or modification or deletion of, sensitive information within the database.

Impact

Exploitation of this vulnerability could allow for arbitrary command execution, with the potential to access, modify, or delete sensitive database information.

Remediation

Users and administrators are advised to update to the latest versions. Specific update instructions for each affected product are available on the Advantech website or through Advantech's technical support channels.

Added: May 13, 2026, 5:00 PM
Updated: May 13, 2026, 5:00 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 3.1
exploitability: 4.9
remediation: 7.7
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.