CVE-2024-2453
Published 2024-03-21
Priority: P3 · 40 · medium · 6.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.30% (21.6th percentile)
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess_scada | — | — |
CISA ICS
cisa_ics·2024-03-21·CVSS 6.4
[MEDIUM] Advantech WebAccess/SCADA
ICS Advisory
## Advantech WebAccess/SCADA
Release Date: March 21, 2024
Alert Code: ICSA-24-081-01
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.1
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Advantech
- Equipment: WebAccess/SCADA
- Vulnerability: SQL Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker to read or modify a remote database.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Advantech WebAccess/SCADA, a browser-based SCADA software, are affected:
- WebAccess/SCADA: Version 9.1.5U
## 3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89
GHSA
GHSA-qfcj-f85q-hxf4
ghsa_unreviewed·2024-03-22
CVE-2024-2453 [MEDIUM] CWE-89
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.