{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7202","assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","state":"PUBLISHED","assignerShortName":"twcert","dateReserved":"2024-07-29T01:58:29.886Z","datePublished":"2024-07-29T03:11:27.355Z","dateUpdated":"2024-08-01T21:52:31.217Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"Web","product":"WinMatrix3","vendor":"Simopro Technology","versions":[{"lessThanOrEqual":"1.2.35.3","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2024-07-29T03:07:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."}],"value":"The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert","dateUpdated":"2024-07-29T03:11:27.355Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html"},{"tags":["vendor-advisory"],"url":"https://www.twcert.org.tw/en/cp-139-7963-44648-2.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update WinMatrix3 Web package to 1.2.35.3 or later version."}],"value":"Update WinMatrix3 Web package to 1.2.35.3 or later version."}],"source":{"advisory":"TVN-202407013","discovery":"EXTERNAL"},"title":"Simopro Technology WinMatrix3 Web package - SQL Injection","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"simoprotechnology","product":"winmatrix3","cpes":["cpe:2.3:a:simoprotechnology:winmatrix3:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"1.2.35.3","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-29T13:13:39.396889Z","id":"CVE-2024-7202","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-30T16:07:44.862Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:52:31.217Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html"},{"tags":["vendor-advisory","x_transferred"],"url":"https://www.twcert.org.tw/en/cp-139-7963-44648-2.html"}]}]}}