CVE-2024-2453

{"id": "CVE-2024-2453", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.1}]}, "published": "2024-03-21T23:15:11.400", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "\nThere is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en el software Advantech WebAccess/SCADA que permite a un atacante autenticado inyectar c\u00f3digo SQL de forma remota en la base de datos. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante leer o modificar datos en la base de datos remota."}], "lastModified": "2024-03-22T12:45:36.130", "sourceIdentifier": "ics-cert@hq.dhs.gov"}