Search criteria
1 vulnerability by CSWorks
CVE-2014-2351 (GCVE-0-2014-2351)
Vulnerability from cvelistv5 – Published: 2014-05-20 10:00 – Updated: 2025-10-03 16:17
VLAI?
Summary
SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
John Leitch, working with HP’s Zero Day Initiative (ZDI)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CSWorks",
"vendor": "CSWorks",
"versions": [
{
"lessThanOrEqual": "2.5.5050.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.5.5233.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Leitch, working with HP\u2019s Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-05-08T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.\u003c/p\u003e"
}
],
"value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:17:47.843Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-135-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67427"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCSWorks has addressed this vulnerability in the updated version of \nCSWorks, Version 2.5.5233.0. The updated version of CSWorks is available\n at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.controlsystemworks.com/DownloadDescription.aspx\"\u003ehttp://www.controlsystemworks.com/DownloadDescription.aspx\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor additional mitigation and installation information, please review CSWorks\u2019 security release at the following location:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330\"\u003ehttp://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CSWorks has addressed this vulnerability in the updated version of \nCSWorks, Version 2.5.5233.0. The updated version of CSWorks is available\n at:\u00a0 http://www.controlsystemworks.com/DownloadDescription.aspx \u00a0.\n\nFor additional mitigation and installation information, please review CSWorks\u2019 security release at the following location:\u00a0 http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
}
],
"source": {
"advisory": "ICSA-14-135-01",
"discovery": "EXTERNAL"
},
"title": "CSWorks SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01"
},
{
"name": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330",
"refsource": "CONFIRM",
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2351",
"datePublished": "2014-05-20T10:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-03T16:17:47.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}