VAR-201405-0282
Vulnerability from variot - Updated: 2023-12-18 13:03SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the data source templating. CSWorks does not properly sanitize or validate the data used to construct read and write paths which can lead to SQL injection. An attacker may be able to leverage this vulnerability to achieve remote code execution. CSWorks is a software architecture for building WEB-based HMI, SCADA and M2M industrial automation solutions. CSWorks is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, to access or modify data, or to exploit vulnerabilities in the underlying database. CSWorks 2.5.5050.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0282",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "1.7.5000.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "2.0.4115.1"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "1.4.3900.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "1.4.3860.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "2.0.4115.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "1.7.4050.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "1.4.3850.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "1.4.4000.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.6,
"vendor": "controlsystemworks",
"version": "1.4.3880.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "2.1.4560.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "2.5.4912.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.4.3830.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.1.3600.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.3560.0"
},
{
"model": "csworks",
"scope": "lte",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "2.5.5050.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.3540.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.601.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.612.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.720.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.3580.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.801.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.901.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.1.3700.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.1.3674.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "2.5.4770.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "2.5.4770.1"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.4.3820.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "2.1.4386.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.813.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.2.3800.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.0.623.0"
},
{
"model": "csworks",
"scope": "eq",
"trust": 1.0,
"vendor": "controlsystemworks",
"version": "1.2.3730.0"
},
{
"model": "csworks",
"scope": "lt",
"trust": 0.8,
"vendor": "csworks",
"version": "2.5.5233.0"
},
{
"model": "csworks",
"scope": null,
"trust": 0.7,
"vendor": "csworks",
"version": null
},
{
"model": "csworks",
"scope": "eq",
"trust": 0.6,
"vendor": "csworks",
"version": "2.x"
},
{
"model": "csworks",
"scope": "eq",
"trust": 0.6,
"vendor": "controlsystemworks",
"version": "2.5.5050.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.601.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.612.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.623.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.720.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.801.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.813.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.901.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.3540.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.3560.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.0.3580.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.1.3600.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.1.3674.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.1.3700.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.2.3730.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.2.3800.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.4.3820.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.4.3830.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.4.3850.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.4.3860.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.4.3880.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.4.3900.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.4.4000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.7.4050.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "1.7.5000.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "2.0.4115.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "2.0.4115.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "2.1.4386.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "2.1.4560.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "2.5.4770.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "2.5.4770.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "2.5.4912.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "csworks",
"version": "*"
},
{
"model": "csworks",
"scope": "eq",
"trust": 0.3,
"vendor": "csworks",
"version": "2.0.41151"
},
{
"model": "csworks",
"scope": "eq",
"trust": 0.3,
"vendor": "csworks",
"version": "2.0.41150"
}
],
"sources": [
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"db": "BID",
"id": "67427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:2.5.4770.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:2.1.4386.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.720.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.813.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.2.3730.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.4.3820.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.7.4050.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:2.0.4115.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:2.5.4912.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.901.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.1.3600.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.1.3674.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.1.3700.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.5050.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.3560.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.3580.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.601.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.612.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.4.3850.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.4.3860.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.4.3880.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.4.3900.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:2.5.4770.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:2.1.4560.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.3540.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.623.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.0.801.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.2.3800.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.4.3830.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.4.4000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:1.7.5000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:controlsystemworks:csworks:2.0.4115.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2351"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Leitch",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-298"
}
],
"trust": 0.7
},
"cve": "CVE-2014-2351",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2351",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03157",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2351",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-2351",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-03157",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-383",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the data source templating. CSWorks does not properly sanitize or validate the data used to construct read and write paths which can lead to SQL injection. An attacker may be able to leverage this vulnerability to achieve remote code execution. CSWorks is a software architecture for building WEB-based HMI, SCADA and M2M industrial automation solutions. CSWorks is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. \nA successful exploit could allow an attacker to compromise the application, to access or modify data, or to exploit vulnerabilities in the underlying database. \nCSWorks 2.5.5050.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"db": "BID",
"id": "67427"
},
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2351",
"trust": 4.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-135-01",
"trust": 2.4
},
{
"db": "BID",
"id": "67427",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2014-03157",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2191",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-298",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D769C41-463F-11E9-A9B8-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F996F9AA-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"db": "BID",
"id": "67427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"id": "VAR-201405-0282",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
}
]
},
"last_update_date": "2023-12-18T13:03:36.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Important: CSWorks security release 2.5.5233.0",
"trust": 0.8,
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/important-csworks-security-release-2552330"
},
{
"title": "CSWorks has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-135-01"
},
{
"title": "CSWorks LiveData Service Web API SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/45759"
},
{
"title": "CSWorks-2.5.5233.0-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50013"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "NVD",
"id": "CVE-2014-2351"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-135-01"
},
{
"trust": 2.2,
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/important-csworks-security-release-2552330"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/67427"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2351"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2351"
},
{
"trust": 0.3,
"url": "http://www.controlsystemworks.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"db": "BID",
"id": "67427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"db": "BID",
"id": "67427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-22T00:00:00",
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"date": "2014-05-22T00:00:00",
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"date": "2014-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"date": "2014-05-08T00:00:00",
"db": "BID",
"id": "67427"
},
{
"date": "2014-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"date": "2014-05-20T11:13:37.873000",
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"date": "2014-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-14-298"
},
{
"date": "2014-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03157"
},
{
"date": "2014-09-01T00:12:00",
"db": "BID",
"id": "67427"
},
{
"date": "2014-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002540"
},
{
"date": "2015-10-08T14:47:15.180000",
"db": "NVD",
"id": "CVE-2014-2351"
},
{
"date": "2014-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSWorks of LiveData In service SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002540"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "7d769c41-463f-11e9-a9b8-000c29342cb1"
},
{
"db": "IVD",
"id": "f996f9aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-383"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…