CVE-2024-2453 MEDIUM

CVE-2024-2453: Advantech WebAccess/SCADA SQL Injection

Vendor Advantech

Product WebAccess/SCADA

Weakness CWE-89 · SQLi

Published March 21, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.

Key dates

02Disclosure timeline

March 21, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2453

Related vulnerabilities

04Related CVE

CVE-2024-13595 Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection CVE-2024-1197 SourceCodester Testimonial Page Manager HTTP GET Request delete-testimonial.php sql injection CVE-2016-15050 Nagios XI < 5.2.4 SQL Injection in Notification Search CVE-2025-4021 code-projects Patient Record Management System edit_spatient.php sql injection CVE-2025-8438 code-projects Wazifa System postpublish.php sql injection