Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Vulnerability in Advantech Products

13 May 2026

CSA has issued a CVE ID to a vulnerability reported in Advantech products as part of CSA’s Responsible Vulnerability Disclosure Policy. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Background

CSA has issued a CVE ID (CVE-2026-6888) to a vulnerability in Advantech products. The product owner, Advantech, an IoT intelligent systems and embedded platform service provider, has released security updates to address it.

Impact

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.

Affected Products

The vulnerability affects the following Advantech products:

  • SaaS Composer prior to version 3.4.17

  • IoTSuite Growth Linux docker prior to version 2.2.0

  • IoTSuite Starter Linux docker prior to version 2.2.0

  • IoT Edge Linux docker prior to version 2.2.0

  • IoT Edge Windows prior to version 2.2.0

  • WebAccess/SCADA prior to version 9.2.3

  • WebAccess SaaS-Composer prior to version 3.4.17.1

  • ECOWatch SaaS-Composer prior to version 3.4.17

Mitigation

Users and administrators of affected product versions are advised to update to the latest versions immediately.

For SaaS Composer, IoTSuite Growth Linux docker, IoT Edge Windows, and ECOWatch please contact Advantech here for the official release of the fixed version.

For IoTSuite Starter Linux docker, please refer to the update guide here. As the update involves a reinstallation process, please refer to the reinstallation guide here.

For IoT Edge Linux docker, please refer to the update guide here. As the update involves a reinstallation process, please refer to the reinstallation guide here.

For WebAccess/SCADA and WebAccess SaaS-Composer, please refer to the update guide here.

Special Thanks to:

  • Informer: Hoa Ly Van Huu, HCMUTE Information Security Club

  • Product Owner: Advantech

References

https://www.advantech.com/en/security-advisory

Back to top