CVE-2025-52694
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Advantech | IoTSuite and IoT Edge Products | SaaSComposer prior to version V3.4.15 | affected |
| Advantech | IoTSuite and IoT Edge Products | IoTSuite Growth Linux docker prior to version V2.0.2 | affected |
| Advantech | IoTSuite and IoT Edge Products | IoTSuite Starter Linux docker prior to version V2.0.2 | affected |
| Advantech | IoTSuite and IoT Edge Products | IoT Edge Linux docker prior to version V2.0.2 | affected |
| Advantech | IoTSuite and IoT Edge Products | IoT Edge Windows prior to version V2.0.2 | affected |
| Advantech | IoTSuite and IoT Edge Products | WebAccess/SCADA prior to version V9.2.2 | affected |
| Advantech | IoTSuite and IoT Edge Products | WebAccess SaaS-Composer prior to version 3.4.15.1 | affected |
| Advantech | IoTSuite and IoT Edge Products | ECOWatch SaaS-Composer prior to version 3.4.15 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.