CVE-2014-2351

SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01	US Government Resource
http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330	Vendor Advisory
http://www.securityfocus.com/bid/67427
http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01	US Government Resource
http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330	Vendor Advisory
http://www.securityfocus.com/bid/67427

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:controlsystemworks:csworks::::::::
	cpe:2.3:a:controlsystemworks:csworks:1.0.601.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.612.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.623.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.720.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.801.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.813.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.901.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.3540.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.3560.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.0.3580.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.1.3600.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.1.3674.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.1.3700.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.2.3730.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.2.3800.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.4.3820.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.4.3830.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.4.3850.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.4.3860.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.4.3880.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.4.3900.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.4.4000.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.7.4050.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:1.7.5000.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:2.0.4115.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:2.0.4115.1:::::::*
	cpe:2.3:a:controlsystemworks:csworks:2.1.4386.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:2.1.4560.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:2.5.4770.0:::::::*
	cpe:2.3:a:controlsystemworks:csworks:2.5.4770.1:::::::*
	cpe:2.3:a:controlsystemworks:csworks:2.5.4912.0:::::::*

History

21 Nov 2024, 02:06

Type	Values Removed	Values Added
References	~~() http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01 - US Government Resource~~	() http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01 - US Government Resource
References	~~() http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330 - Vendor Advisory~~	() http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/67427 -~~	() http://www.securityfocus.com/bid/67427 -

Information

Published : 2014-05-20 11:13

Updated : 2025-04-12 10:46

NVD link : CVE-2014-2351

Mitre link : CVE-2014-2351

CVE.ORG link : CVE-2014-2351

JSON object : View

Products Affected

controlsystemworks

csworks

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2014-2351", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-20T11:13:37.873", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/67427", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/67427", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el servicio LiveData en CSWorks anterior a 2.5.5233.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores relacionados con nombres de rutas contenidos en solicitudes API web."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:controlsystemworks:csworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE43F29-CC4E-403B-AED7-5B9D01027183", "versionEndIncluding": "2.5.5050.0"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.601.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10DCB21-0871-48B4-973F-644D3D67452A"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.612.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6480D5C-87DA-4932-B896-5BCB96BAE93F"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.623.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43512F0F-1A2B-40D6-B6D3-BDDA2EB8FE73"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.720.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C20287C-9659-4785-B3E2-0F2384D1DF40"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.801.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C86ECDDB-3306-46AC-8BAA-40F5B2CF8B02"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.813.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C66BA50E-2BA9-4AF0-8EF8-5ACFB59F0ED4"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.901.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E06A8C5C-4E93-48C4-9693-E42A6E3C8EFE"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.3540.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0A7A01C-5E87-42CB-B208-55D8AEF310F5"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.3560.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93461758-9E8E-4045-9843-312985E58150"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.0.3580.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "802D62B8-079E-41AA-8780-15E28704CE1F"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.1.3600.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3630EDC-A128-451B-BA13-0EEA227FA670"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.1.3674.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "919FF97B-D940-4560-8F20-948A58699C33"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.1.3700.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09CB258D-FF10-4D7A-96DB-9311D64D62F5"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.2.3730.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55AE952B-1A64-492A-8624-449DCF7CDEA1"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.2.3800.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DA92DB6-626B-4A2A-A784-E914F82592ED"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.4.3820.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C109412C-4905-4D4B-835D-E5763A71AFF0"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.4.3830.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C094AEA-3025-4EB6-932D-1865A0997FC6"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.4.3850.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F76281B-8C43-4A2F-B2F5-DAEC351C1F63"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.4.3860.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8084E967-B462-4B73-97E0-13A0C8B15372"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.4.3880.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E230326-3DBC-47FD-AF9F-16DB53EB4BDD"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.4.3900.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0570DE-AC7D-4D45-BFEA-FEB4C9564989"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.4.4000.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8EA92F7-D93A-4615-B9C9-745B0D49F6FD"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.7.4050.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C557E7C8-A9F5-4AC7-A79E-62812C80DC74"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:1.7.5000.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "220EB778-E9BB-42B0-ACC5-7EF513D69A67"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:2.0.4115.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B61DB2F-BB8F-4D9C-BA2E-21D89878787A"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:2.0.4115.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "944FDBE0-FDE9-4511-BF60-722CDC8AB873"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:2.1.4386.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F426BBDB-7972-42F4-9406-9B3CFEA76856"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:2.1.4560.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40956134-8566-4298-BFB1-953183CBFC50"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:2.5.4770.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2FFF797-2582-4830-A19E-7A2BA19587CF"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:2.5.4770.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A23BA16F-3C05-4604-BA06-E64696ACAD27"}, {"criteria": "cpe:2.3:a:controlsystemworks:csworks:2.5.4912.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68A67326-3D29-407A-95F9-AA47A30B0944"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}

7.5 /10