CVE-2023-6097

Summary

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction.

Affected Software

VendorProductVersion RangeStatus
ICSSolutionICS Business Manager7.06.0028.7089affected
ICSSolutionICS Business Manager7.06.0028.7066affected
ICSSolutionICS Business Manager7.06.0028.2802affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References