Refine your search
2 vulnerabilities found for CSWorks by CSWorks
CVE-2014-2351 (GCVE-0-2014-2351)
Vulnerability from cvelistv5
Published
2014-05-20 10:00
Modified
2025-10-03 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CSWorks",
"vendor": "CSWorks",
"versions": [
{
"lessThanOrEqual": "2.5.5050.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.5.5233.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Leitch, working with HP\u2019s Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-05-08T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.\u003c/p\u003e"
}
],
"value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:17:47.843Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-135-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67427"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCSWorks has addressed this vulnerability in the updated version of \nCSWorks, Version 2.5.5233.0. The updated version of CSWorks is available\n at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.controlsystemworks.com/DownloadDescription.aspx\"\u003ehttp://www.controlsystemworks.com/DownloadDescription.aspx\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor additional mitigation and installation information, please review CSWorks\u2019 security release at the following location:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330\"\u003ehttp://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CSWorks has addressed this vulnerability in the updated version of \nCSWorks, Version 2.5.5233.0. The updated version of CSWorks is available\n at:\u00a0 http://www.controlsystemworks.com/DownloadDescription.aspx \u00a0.\n\nFor additional mitigation and installation information, please review CSWorks\u2019 security release at the following location:\u00a0 http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
}
],
"source": {
"advisory": "ICSA-14-135-01",
"discovery": "EXTERNAL"
},
"title": "CSWorks SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01"
},
{
"name": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330",
"refsource": "CONFIRM",
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2351",
"datePublished": "2014-05-20T10:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:17:47.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2011-000095
Vulnerability from jvndb
Published
2011-11-01 16:05
Modified
2011-11-02 14:42
Summary
CSWorks LiveData Service vulnerable to denial-of-service (DoS)
Details
LiveData Service, a server component of CSWorks contains a denial-of-service (DoS) vulnerability.
LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS).
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000095.html",
"dc:date": "2011-11-02T14:42+09:00",
"dcterms:issued": "2011-11-01T16:05+09:00",
"dcterms:modified": "2011-11-02T14:42+09:00",
"description": "LiveData Service, a server component of CSWorks contains a denial-of-service (DoS) vulnerability.\r\n\r\nLiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS).\r\n\r\nKuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000095.html",
"sec:cpe": {
"#text": "cpe:/a:controlsystemworks:csworks",
"@product": "CSWorks",
"@vendor": "CSWorks",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000095",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN98649286/index.html",
"@id": "JVN#98649286",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3996",
"@id": "CVE-2011-3996",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3996",
"@id": "CVE-2011-3996",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "CSWorks LiveData Service vulnerable to denial-of-service (DoS)"
}