CVE-2026-6888 - Vulnerability Details - OpenCVE

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Advantech	Ecowatch Saas-composer Iot Edge Linux Docker Iot Edge Windows Iotsuite Growth Linux Docker Iotsuite Starter Linux Docker Saas Composer Webaccess/scada Webaccess Saas-composer

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/

History

Wed, 13 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Advantech Advantech ecowatch Saas-composer Advantech iot Edge Linux Docker Advantech iot Edge Windows Advantech iotsuite Growth Linux Docker Advantech iotsuite Starter Linux Docker Advantech saas Composer Advantech webaccess/scada Advantech webaccess Saas-composer
Vendors & Products		Advantech Advantech ecowatch Saas-composer Advantech iot Edge Linux Docker Advantech iot Edge Windows Advantech iotsuite Growth Linux Docker Advantech iotsuite Starter Linux Docker Advantech saas Composer Advantech webaccess/scada Advantech webaccess Saas-composer

Wed, 13 May 2026 05:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-89

Wed, 13 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.
Title		SQL Injection Vulnerability
References		https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CSA

Published: 2026-05-13T03:16:24.701Z

Updated: 2026-05-13T03:16:24.701Z

Reserved: 2026-04-23T02:58:12.750Z

Link: CVE-2026-6888

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6888", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2026-04-23T02:58:12.750Z", "datePublished": "2026-05-13T03:16:24.701Z", "dateUpdated": "2026-05-13T03:16:24.701Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-05-13T03:16:24.701Z"}, "title": "SQL Injection Vulnerability", "datePublic": "2026-05-13T02:54:00.000Z", "affected": [{"vendor": "Advantech", "product": "SaaS Composer", "versions": [{"status": "affected", "version": "prior to version 3.4.17"}], "defaultStatus": "unknown"}, {"vendor": "Advantech", "product": "IoTSuite Growth Linux docker", "versions": [{"status": "affected", "version": "prior to version 2.2.0"}], "defaultStatus": "unknown"}, {"vendor": "Advantech", "product": "IoTSuite Starter Linux docker", "versions": [{"status": "affected", "version": "prior to version 2.2.0"}], "defaultStatus": "unknown"}, {"vendor": "Advantech", "product": "IoT Edge Linux docker", "versions": [{"status": "affected", "version": "prior to version 2.2.0"}], "defaultStatus": "unknown"}, {"vendor": "Advantech", "product": "IoT Edge Windows", "versions": [{"status": "affected", "version": "prior to version 2.2.0"}], "defaultStatus": "unknown"}, {"vendor": "Advantech", "product": "WebAccess/SCADA", "versions": [{"status": "affected", "version": "prior to version 9.2.3"}], "defaultStatus": "unknown"}, {"vendor": "Advantech", "product": "WebAccess SaaS-Composer", "versions": [{"status": "affected", "version": "prior to version 3.4.17.1"}], "defaultStatus": "unknown"}, {"vendor": "Advantech", "product": "ECOWatch SaaS-Composer", "versions": [{"status": "affected", "version": "prior to version 3.4.17"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.</p>"}]}], "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Users and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.\n\n\n\n\n\nFor SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech\u00a0 here\u00a0 https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for\nthe official release of the fixed version.\n\n\n\n\n\nFor IoTSuite Starter Linux docker,\nplease refer to the update guide\u00a0 here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\n\n\n\n\n\nFor IoT Edge Linux docker, please\nrefer to the update guide\u00a0 here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q .\n\n\n\n\n\nFor WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide here https://www.advantech.com/en/support/details/installation .", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Users and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.</p>\n\n<p>For SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech <a href=\"https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support\">here </a>for\nthe official release of the fixed version.</p>\n\n<p>For IoTSuite Starter Linux docker,\nplease refer to the update guide <a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide <a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.</p>\n\n<p>For IoT Edge Linux docker, please\nrefer to the update guide <a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide <a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.</p>\n\n<p>For WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide <a href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\">here</a>.</p>"}]}], "credits": [{"lang": "en", "value": "Hoa Ly Van Huu", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}