There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated malicious user to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an malicious user to read or modify data on the remote database.