← back
CVE-2024-2453

Advantech WebAccess/SCADA SQL Injection

CVSS 6.4 MEDIUMEPSS 0.3%CWE-89
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products
Advantech · WebAccess/SCADA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01