ID
VAR-202511-1363
CVE
CVE-2025-34243
TITLE
Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability
Trust: 0.6
DESCRIPTION
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from improper handling of datatable search parameters in the AjaxFwRulesController.ajaxNetworkFwRulesAction function. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data
Trust: 1.44
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess\/vpn | scope: | lt | version: | 1.1.5 | Trust: 1.0 |
| vendor: | advantech | model: | webaccess/vpn | scope: | lt | version: | 1.1.5 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.0 |
PATCH
| title: | Patch for Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/782966 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-34243 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2025-31068 | Trust: 0.6 |
REFERENCES
| url: | https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-ajaxfwrulescontroller-ajaxnetworkfwrulesaction | Trust: 1.0 |
| url: | https://icr.advantech.com/download/software | Trust: 1.0 |
| url: | https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-34243 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2025-31068 |
| db: | NVD | id: | CVE-2025-34243 |
LAST UPDATE DATE
2025-12-20T23:37:30.171000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-31068 | date: | 2025-12-19T00:00:00 |
| db: | NVD | id: | CVE-2025-34243 | date: | 2025-11-28T16:58:17.007 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-31068 | date: | 2025-12-18T00:00:00 |
| db: | NVD | id: | CVE-2025-34243 | date: | 2025-11-06T20:15:48.410 |