CVE-2023-1934
Vexday Risk Score
48 · Attention
SSVC decision (CISA)
Attend
PoC available → monitor closely
CVSS 9.8 · EPSS 8.1% · KEV no · PoC public · Nuclei — · Metasploit — · Patch —
Lifecycle
12 May 2023: Published in NVD
23 May 2023: Public PoC
Recommendation: Plan remediation soon; a public PoC already exists.
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SDG Technologies · PnPSCADA
Public PoCs found: 2
cve_reference · packetstormsecurity.com/files/172511/PnPSCADA-2.x-SQL-Injection.html · not verified
exploitdb · www.exploit-db.com/exploits/51448 · not verified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.