CVE-2024-0851

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27.

CVSS

No CVSS.

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-0556
https://www.usom.gov.tr/bildirim/tr-24-0556

Configurations

No configuration.

History

21 Nov 2024, 08:47

Type	Values Removed	Values Added
References	~~() https://www.usom.gov.tr/bildirim/tr-24-0556 -~~	() https://www.usom.gov.tr/bildirim/tr-24-0556 -

28 May 2024, 12:39

Type	Values Removed	Values Added
Summary		(es) Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de Comando SQL ('Inyección SQL') en Grup Arge Energy and Control Systems Smartpower permite la Inyección SQL. Este problema afecta a Smartpower: hasta V24.05.27.

27 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-27 15:15

Updated : 2024-11-21 08:47

NVD link : CVE-2024-0851

Mitre link : CVE-2024-0851

CVE.ORG link : CVE-2024-0851

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-0851", "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 10.0, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-05-27T15:15:08.780", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0556", "source": "iletisim@usom.gov.tr"}, {"url": "https://www.usom.gov.tr/bildirim/tr-24-0556", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27."}, {"lang": "es", "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de Comando SQL ('Inyecci\u00f3n SQL') en Grup Arge Energy and Control Systems Smartpower permite la Inyecci\u00f3n SQL. Este problema afecta a Smartpower: hasta V24.05.27."}], "lastModified": "2024-11-21T08:47:30.310", "sourceIdentifier": "iletisim@usom.gov.tr"}