
Critical Vulnerabilities in Advantech WebAccess/SCADA Expose Industrial Systems to Attacks

Source: CISA Cybersecurity Advisories

CISA warns of high-severity flaws in Advantech WebAccess/SCADA (CVE-2025-28004, CVE-2025-28005) enabling authenticated attackers to manipulate remote databases.

Critical Flaws in Advantech WebAccess/SCADA Threaten Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed two high-severity vulnerabilities in Advantech WebAccess/SCADA, a widely used industrial automation software suite. If exploited, these flaws could allow authenticated attackers to read or modify remote databases, potentially disrupting critical operational technology (OT) environments.

Technical Details of the Vulnerabilities

The advisory (ICSA-25-352-06) identifies the following affected versions:

  • WebAccess/SCADA versions 9.1.6 and prior

The vulnerabilities are tracked as:

  • CVE-2025-28004 (CVSS score pending) – Allows authenticated attackers to read sensitive data from remote databases.
  • CVE-2025-28005 (CVSS score pending) – Permits authenticated attackers to modify or delete database records.

CISA’s advisory includes a CSAF (Common Security Advisory Framework) document with additional technical details for security teams.
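
An added example, not taken from the CISA advisory or the original article: matching an asset inventory against the affected range (9.1.6 and prior) using a CSAF 2.0-shaped document. The embedded document and inventory are constructed; the product ID `CSAFPID-0001`, the `<=9.1.6` range string and the host names and installed versions are assumptions, and a real CSAF file carries many more fields.

```python
import re

# Constructed, minimal CSAF 2.0-shaped document holding only facts from this page;
# the product ID and the "<=9.1.6" range string are assumptions.
SAMPLE_CSAF = {
    "document": {"tracking": {"id": "ICSA-25-352-06"}},
    "product_tree": {"branches": [{
        "category": "vendor", "name": "Advantech", "branches": [{
            "category": "product_name", "name": "WebAccess/SCADA", "branches": [{
                "category": "product_version_range", "name": "<=9.1.6",
                "product": {"product_id": "CSAFPID-0001"}}]}]}]},
    "vulnerabilities": [
        {"cve": c, "product_status": {"known_affected": ["CSAFPID-0001"]}}
        for c in ("CVE-2025-28004", "CVE-2025-28005")],
}
# Constructed inventory: host -> (product, installed version).
INVENTORY = {"hmi-01": ("WebAccess/SCADA", "9.1.6"), "hmi-02": ("WebAccess/SCADA", "9.0.10"),
             "hmi-03": ("WebAccess/SCADA", "10.0.0"), "hist-01": ("OtherHistorian", "3.4")}

def version_key(text):
    """Turn '9.1.6' into (9, 1, 6) so versions compare numerically, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def affected_ranges(csaf):
    """Walk product_tree; map product_id -> (product name, inclusive upper bound)."""
    found = {}
    def walk(branches, product=None):
        for b in branches:
            name = b["name"] if b.get("category") == "product_name" else product
            if b.get("category") == "product_version_range" and b["name"].startswith("<="):
                found[b["product"]["product_id"]] = (name, version_key(b["name"][2:]))
            walk(b.get("branches", []), name)
    walk(csaf["product_tree"]["branches"])
    return found

def triage(csaf, inventory):
    """Return {host: sorted CVE list} for inventory entries inside an affected range."""
    ranges, hits = affected_ranges(csaf), {}
    for vuln in csaf["vulnerabilities"]:
        for pid in vuln["product_status"].get("known_affected", []):
            product, upper = ranges.get(pid, (None, ()))
            for host, (installed, version) in inventory.items():
                if installed == product and version_key(version) <= upper:
                    hits.setdefault(host, []).append(vuln["cve"])
    return {host: sorted(cves) for host, cves in hits.items()}

if __name__ == "__main__":
    for host, cves in sorted(triage(SAMPLE_CSAF, INVENTORY).items()):
        print(host, ", ".join(cves))
```

Comparing versions as integer tuples matters here: a plain string comparison would sort "10.0.0" before "9.1.6" and wrongly flag that host as affected.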

Impact Analysis

Successful exploitation of these vulnerabilities could lead to:

  • Unauthorized access to sensitive industrial data, including configuration settings and operational logs.
  • Manipulation of critical database records, potentially causing system malfunctions or safety incidents in OT environments.
  • Lateral movement within industrial networks, as compromised databases may serve as a foothold for further attacks.

Given the software’s deployment in energy, manufacturing, and water treatment sectors, these flaws pose a significant risk to industrial control systems (ICS).

Mitigation and Recommendations

CISA urges organizations using affected versions of Advantech WebAccess/SCADA to:

  1. Apply patches or updates as soon as Advantech releases them.
  2. Restrict database access to authorized personnel only, enforcing least-privilege principles.
  3. Monitor for suspicious activity, particularly unauthorized database queries or modifications.
  4. Segment OT networks to limit the potential impact of an exploit.

Security teams should review the full advisory (ICSA-25-352-06) and the accompanying CSAF document for further guidance.

For ongoing updates, follow CISA’s ICS Advisories page.
