CVE-2024-8705
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Shandong Star Measurement and Control Equipment | Heating Network Wireless Monitoring System | 5.6.2 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.277214
- https://vuldb.com/?ctiid.277214
- https://vuldb.com/?submit.402236
- https://wiki.shikangsi.com/post/share/3cd1d639-7b5d-47cf-a69d-552c314b5168
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.