PnPSCADA.hitlogcsv.Unauthenticated.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection vulnerability in PnPSCADA.
This vulnerability is due to improper sanitization of user supplied input in requests to hitlogcsv.jsp. A remote attacker can exploit this vulnerability by sending an HTTP request with crafted HTTP parameters to the target server. Successful exploitation could result in the execution of arbitrary SQL commands against the database on the target server.
Affected Products
PnPSCADA version 2
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Currently, we are not aware of any officially supplied fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |