CVE-2026-6888

Description

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Advantech / ECOWatch SaaS-Composerprior to version 3.4.17 – prior to version 3.4.17
Advantech / IoT Edge Linux dockerprior to version 2.2.0 – prior to version 2.2.0
Advantech / IoT Edge Windowsprior to version 2.2.0 – prior to version 2.2.0
Advantech / IoTSuite Growth Linux dockerprior to version 2.2.0 – prior to version 2.2.0
Advantech / IoTSuite Starter Linux dockerprior to version 2.2.0 – prior to version 2.2.0
Advantech / SaaS Composerprior to version 3.4.17 – prior to version 3.4.17
Advantech / WebAccess SaaS-Composerprior to version 3.4.17.1 – prior to version 3.4.17.1
Advantech / WebAccess/SCADAprior to version 9.2.3 – prior to version 9.2.3

References

VENDOR_ADVISORYhttps://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/