{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CSWorks", "vendor": "CSWorks", "versions": [ { "lessThanOrEqual": "2.5.5050.0", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "2.5.5233.0" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "John Leitch, working with HP’s Zero Day Initiative (ZDI)" } ], "datePublic": "2014-05-08T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.
" } ], "value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-03T16:17:47.843Z" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-135-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330" }, { "name": "67427", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67427" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "CSWorks has addressed this vulnerability in the updated version of \nCSWorks, Version 2.5.5233.0. The updated version of CSWorks is available\n at: http://www.controlsystemworks.com/DownloadDescription.aspx .
For additional mitigation and installation information, please review CSWorks’ security release at the following location: http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330
\n\n