Improper Neutralization of Special Elements in Data Query Logic

CVE-2024-4872

High

9.9/10

Summary

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

References

Advisory Timeline

Published Aug 27, 2024

Improper Neutralization of Special Elements in Data Query Logic

CVE-2024-4872

Summary

CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS