{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2453","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2024-03-14T15:12:14.027Z","datePublished":"2024-03-21T22:39:15.488Z","dateUpdated":"2024-08-01T19:11:53.526Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"WebAccess/SCADA","vendor":"Advantech","versions":[{"status":"affected","version":"9.1.5U"}]}],"credits":[{"lang":"en","type":"finder","value":"CISA discovered a public proof of concept as authored by Prześlij Komentarz and reported it to Advantech."}],"datePublic":"2024-03-21T21:23:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.</span>\n\n"}],"value":"\nThere is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-03-21T22:39:38.185Z"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">Advantech recommends updating WebAccess/SCADA to version 9.1.6 or higher to mitigate this vulnerability.</span>\n\n<br>"}],"value":"\nAdvantech recommends updating WebAccess/SCADA to version 9.1.6 or higher to mitigate this vulnerability.\n\n"}],"source":{"advisory":"ICSA-24-081-01","discovery":"EXTERNAL"},"title":"Advantech WebAccess/SCADA SQL Injection","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-08T15:03:48.290308Z","id":"CVE-2024-2453","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-08T19:52:58.826Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:11:53.526Z"},"title":"CVE Program Container","references":[{"tags":["government-resource","x_transferred"],"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01"}]}]}}