Lucene search

IcscertCVELIST:CVE-2023-4485

HistorySep 05, 2023 - 11:03 p.m.

CVE-2023-4485 ARDEREG Sistemas SCADA SQL Injection

2023-09-0523:03:57

CWE-89

icscert

www.cve.org

ardereg sistemas scada

sql injection

unauthenticated

attack

sensitive information

unauthorized access

data leakage

industrial processes

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

39.8%

JSON

ARDEREG Sistema SCADA Central versions 2.203 and prior
login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application’s SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sistemas SCADA",
    "vendor": "ARDEREG",
    "versions": [
      {
        "lessThanOrEqual": "2.203",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-243-01

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

39.8%

JSON

Related for CVELIST:CVE-2023-4485