Lucene search

[email protected]NVD:CVE-2023-4485

HistorySep 06, 2023 - 12:15 a.m.

CVE-2023-4485

2023-09-0600:15:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-4485

unauthenticated sql injection

database vulnerability

industrial security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.5%

JSON

ARDEREG Sistema SCADA Central versions 2.203 and prior
login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application’s SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.

Affected configurations

NVD

Node

arderegsistemas_scadaRange≤2.203

References

www.cisa.gov/news-events/ics-advisories/icsa-23-243-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for NVD:CVE-2023-4485

ics1 cve1 prion1 cvelist1