轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202607-00000001
[內容說明]
【研華科技|Hospital Queuing Management 】(CVE-2026-14162,CVSS:9.8)
未經身分鑑別之遠端攻擊者可利用API取得機敏資訊或新增網站管理員帳號。
[影響平台]
Hospital Queuing Management(HQM) ISO 1.2.13(不含)以前版本
[建議措施]
請更新HQM ISO至 1.2.13(含)以後版本或更新QueueHttp.dll至1.2.12.7(含)以後版本
[參考資料]
1. https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html
Forwarded Taiwan Computer Emergency Response Team / Coordination Center Security Advisory Alert TWCERTCC-200-202607-00000001
[Description]
【Advantech|Hospital Queuing Management 】(CVE-2026-14162,CVSS:9.8)
Unauthenticated remote attackers can exploit the API to obtain sensitive information or create website administrator accounts.
[Affected Platform]
Hospital Queuing Management(HQM) ISO versions prior to 1.2.13 (not including)
[Recommendations]
Please update HQM ISO to version 1.2.13 (including) or later, or update QueueHttp.dll to version 1.2.12.7 (including) or later
[References]
1.https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html