Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to
execute arbitrary commands via a specific interface,
potentially enabling the attacker to access, modify, or delete sensitive
information within the database.
Users and administrators of
affected product versions are advised to update to the latest versions
immediately.
For SaaS Composer, IoTSuite Growth
Linux docker, IoT Edge Windows, and ECOWatch please contact Advantech here https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for
the official release of the fixed version.
For IoTSuite Starter Linux docker,
please refer to the update guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .
As the update involves a reinstallation process, please refer to the
reinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .
For IoT Edge Linux docker, please
refer to the update guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .
As the update involves a reinstallation process, please refer to the
reinstallation guide here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q .
For WebAccess/SCADA and WebAccess
SaaS-Composer, please refer to the update guide here https://www.advantech.com/en/support/details/installation .