There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions before 3.0.2) to gain access to sensitive information.
advantech webaccess\\/nms