CVE-2023-1934
published 2023-05-12


Priority P263 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 8.08% (94.1th percentile)
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
sdg | pnpscada | |
sdg_technologies | pnpscada | |

Detection & IOCs (extracted from sources)

url: /hitlogcsv.jsp
path: /hitlogcsv.isp?userids=1337'&startdate=2022-12-138200083A0093A00&enddate=2022-12-138201383A1783A00
  • Monitor for unauthenticated GET requests to the hitlogcsv.jsp (or hitlogcsv.isp) endpoint containing a single-quote character in the 'userids' parameter, indicative of error-based SQL injection probing.
  • Alert on PostgreSQL error messages returned in HTTP responses from the PnPSCADA hitlogcsv endpoint, as the vulnerability is error-based and leaks database output passively.
  • Flag any unauthenticated requests (no session/auth cookie) to /hitlogcsv.jsp or /hitlogcsv.isp with SQL metacharacters (e.g., single quote) in query parameters userids, startdate, or enddate.
  • The exploit PoC uses the endpoint path '/hitlogcsv.isp' (extension '.isp') rather than the '.jsp' extension referenced in the CVE description; detection rules should match both variants.
  • Affected scope is PnPSCADA v2.x on all platforms; version scoping in detection and asset inventory should cover all v2.* deployments.
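
The monitoring rules above, applied to web-server access logs, as an added example (not code from the CVE record, the PoC or the vendor). It assumes common/combined log format and its own choice of SQL metacharacters; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Both spellings from this page: '.jsp' (CVE text) and '.isp' (PoC path).
# ';' allows a servlet path parameter such as ;jsessionid=... after the name.
ENDPOINT = re.compile(r"/hitlogcsv\.[ij]sp(?:;|$)", re.IGNORECASE)
WATCHED = {"userids", "startdate", "enddate"}
# Assumption: which character sequences count as SQL metacharacters for this rule.
META = re.compile(r"'|;|--|/\*")
# Assumption: common/combined access log format; only the request line is used.
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')


def suspicious_params(target):
    """Return the watched parameters of a hitlogcsv request that carry metacharacters."""
    parts = urlsplit(target)
    if not ENDPOINT.search(parts.path):
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding (%2527).
        twice = unquote_plus(value)
        if name.lower() in WATCHED and (META.search(value) or META.search(twice)):
            hits.add(name.lower())
    return sorted(hits)


def scan(lines):
    """Return a list of (client_ip, path, flagged_params), one per matching log line."""
    alerts = []
    for line in lines:
        m = REQ.match(line)
        if m and (params := suspicious_params(m["target"])):
            alerts.append((m["ip"], m["target"].split("?")[0], params))
    return alerts


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2023:10:00:01 +0000] "GET /hitlogcsv.jsp?userids=12&startdate=2023-05-01&enddate=2023-05-02 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/May/2023:10:00:05 +0000] "GET /hitlogcsv.isp?userids=1%27&startdate=2023-05-01&enddate=2023-05-02 HTTP/1.1" 500 1290',
    '198.51.100.7 - - [12/May/2023:10:00:09 +0000] "GET /hitlogcsv.jsp?userids=1&startdate=2023-05-01%2527&enddate=x HTTP/1.1" 500 88',
    '192.0.2.10 - - [12/May/2023:10:00:12 +0000] "GET /index.jsp?userids=1%27 HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Access logs normally carry neither cookies nor response bodies, so the missing-session-cookie and PostgreSQL-error-message checks need reverse-proxy or WAF data rather than this log source.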