Sql injection

2020-10-1519:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.

CPENameOperatorVersion
desigo_insighteq6.0 sp2
desigo_insighteq6.0 sp3
desigo_insighteq6.0 sp5
desigo_insighteq6.0
desigo_insightlt6.0

Name	Operator	Version
desigo_insight	eq	6.0 sp2
desigo_insight	eq	6.0 sp3
desigo_insight	eq	6.0 sp5
desigo_insight	eq	6.0
desigo_insight	lt	6.0

References

cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf

us-cert.cisa.gov/ics/advisories/icsa-20-287-05