Lucene search

[email protected]CVE-2023-6097

HistoryNov 13, 2023 - 1:15 p.m.

CVE-2023-6097

2023-11-1313:15:08

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

ics business manager

remote attack

database vulnerability

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction.

Affected configurations

Vulners

NVD

Node

icssolutionics_business_managerRange≤7.06.0028.7089

icssolutionics_business_managerRange≤7.06.0028.7066

icssolutionics_business_managerRange≤7.06.0028.2802

VendorProductVersionCPE
icssolutionics_business_manager*cpe:2.3:a:icssolution:ics_business_manager:*:*:*:*:*:*:*:*
icssolutionics_business_manager*cpe:2.3:a:icssolution:ics_business_manager:*:*:*:*:*:*:*:*
icssolutionics_business_manager*cpe:2.3:a:icssolution:ics_business_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icssolution	ics_business_manager	*	cpe:2.3:a:icssolution:ics_business_manager::::::::
icssolution	ics_business_manager	*	cpe:2.3:a:icssolution:ics_business_manager::::::::
icssolution	ics_business_manager	*	cpe:2.3:a:icssolution:ics_business_manager::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ICS Business Manager",
    "vendor": "ICSSolution",
    "versions": [
      {
        "status": "affected",
        "version": "7.06.0028.7089"
      },
      {
        "status": "affected",
        "version": "7.06.0028.7066"
      },
      {
        "status": "affected",
        "version": "7.06.0028.2802"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

Related for CVE-2023-6097

nvd1 cvelist1 prion1