Login Sign Up

CVE-2025-14850

8.1 HIGH

📋 TL;DR

Advantech WebAccess/SCADA is vulnerable to directory traversal that allows attackers to delete arbitrary files on the system. This affects industrial control systems using Advantech's SCADA software, potentially disrupting critical operations.

💻 Affected Systems

Products:
  • Advantech WebAccess/SCADA
Versions: Versions prior to 9.1.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of WebAccess/SCADA on Windows systems.

📦 What is this software?

Webaccess\/scada by Advantech

View all CVEs affecting Webaccess\/scada →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, leading to SCADA system failure and operational disruption in industrial environments.

🟠

Likely Case

Targeted deletion of configuration files, logs, or application data causing service disruption and potential data loss.

🟢

If Mitigated

Limited impact with proper network segmentation and file permission controls preventing access to critical system areas.

🌐 Internet-Facing: HIGH - WebAccess/SCADA systems exposed to internet are directly vulnerable to exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities typically have low exploitation complexity and can be exploited with simple HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 9.1.5

Vendor Advisory: https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV

Restart Required: Yes

Instructions:

1. Download patch from Advantech support portal. 2. Backup current installation. 3. Run installer as administrator. 4. Restart system after installation completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate SCADA systems from untrusted networks and internet access

File Permission Restrictions

windows

Apply strict file permissions to limit WebAccess service account access

icacls C:\WebAccess /deny WebAccessUser:(OI)(CI)(DE)

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to SCADA systems
  • Deploy application whitelisting to prevent unauthorized file deletion operations

🔍 How to Verify

Check if Vulnerable:

Check WebAccess/SCADA version in Control Panel > Programs and Features

Check Version:

wmic product where name="Advantech WebAccess" get version

Verify Fix Applied:

Verify version shows 9.1.5 or higher after patch installation

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in Windows Event Logs
  • WebAccess logs showing directory traversal patterns

Network Indicators:

  • HTTP requests containing ../ patterns to WebAccess endpoints
  • Unusual file deletion requests to SCADA web interface

SIEM Query:

source="windows_security" EventID=4663 ObjectType="File" AccessMask="0x10000" | where ObjectName contains ".."

📊 Metadata

CVE ID: CVE-2025-14850
CVSS v3 Score: 8.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE: CWE-22
EPSS Score: 0.48% exploit probability (64.4th percentile)
Published: December 18, 2025
Last Updated: December 31, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14850, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)