CVE-2026-6888

Summary

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.

Affected Software

VendorProductVersion RangeStatus
AdvantechSaaS Composerprior to version 3.4.17affected
AdvantechIoTSuite Growth Linux dockerprior to version 2.2.0affected
AdvantechIoTSuite Starter Linux dockerprior to version 2.2.0affected
AdvantechIoT Edge Linux dockerprior to version 2.2.0affected
AdvantechIoT Edge Windowsprior to version 2.2.0affected
AdvantechWebAccess/SCADAprior to version 9.2.3affected
AdvantechWebAccess SaaS-Composerprior to version 3.4.17.1affected
AdvantechECOWatch SaaS-Composerprior to version 3.4.17affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References