A vulnerability has been identified in the OpenSCADA software. The application does not properly sanitize user-supplied input before using it in a SQL query. An attacker could leverage this vulnerability to conduct SQL injection attacks. (ZDI-18-355)
An information disclosure has been identified in the OpenSCADA software. The application does not properly sanitize user-supplied input before using it in a PHP script. An attacker could leverage this vulnerability to conduct PHP injection attacks. (ZDI-18-356)
An information disclosure has been identified in the OpenSCADA software. The application does not properly sanitize user-supplied input before using it in a Python script. An attacker could leverage this vulnerability to conduct injection attacks. (ZDI-18-357)
An information disclosure has been identified in the OpenSCADA software. The application does not properly sanitize user-supplied input before using it in a Ruby script. An attacker could leverage this vulnerability to conduct injection attacks. (ZDI-18-358)
An information disclosure has been identified in the OpenSCADA software. The application does not properly sanitize user-supplied input before using it in a TCL script
Vulnerability Scoring Terms
This vulnerability has been assigned a CVSS metric of 4.3.
A vulnerability in the OpenSCADA software was identified and exploited to conduct SQL injection attacks. This vulnerability has been given a CVSS metric of 4.3.
An information disclosure issue was identified in the OpenSCADA software and exploited to conduct PHP injection attacks. This vulnerability has been given a CVSS metric of 3.8.
Vulnerability overview
To prevent these vulnerabilities, the OpenSCADA software must be updated.
Vulnerability severity and discovery
CVE-2022-39146 has a CVSS v3 severity score of 6.3 and is classified as critical. It is a remote code execution vulnerability that could be exploited remotely.
Timeline
Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:13:00 UTC