1 vulnerability found for CSWorks
CVE-2014-2351 (GCVE-0-2014-2351)
Vulnerability from cvelistv5
Published
2014-05-20 10:00
Modified
2025-10-03 16:17
CWE
CWE-89
Summary
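SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.

Note: the structured `affected` data in the record below lists versions up to and including 2.5.5050.0 as affected and 2.5.5233.0 as unaffected, with a default status of "unaffected". Releases between those two versions are therefore not explicitly marked as affected, so tooling that relies only on the structured range may miss them. For patch decisions, treat every release before 2.5.5233.0 as affected, as the summary states.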
References
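| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-135-01 | |
| http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/67427 | vdb-entry, x_refsource_BID |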
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CSWorks",
"vendor": "CSWorks",
"versions": [
{
"lessThanOrEqual": "2.5.5050.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.5.5233.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Leitch, working with HP\u2019s Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-05-08T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.\u003c/p\u003e"
}
],
"value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:17:47.843Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-135-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67427"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCSWorks has addressed this vulnerability in the updated version of \nCSWorks, Version 2.5.5233.0. The updated version of CSWorks is available\n at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.controlsystemworks.com/DownloadDescription.aspx\"\u003ehttp://www.controlsystemworks.com/DownloadDescription.aspx\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor additional mitigation and installation information, please review CSWorks\u2019 security release at the following location:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330\"\u003ehttp://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CSWorks has addressed this vulnerability in the updated version of \nCSWorks, Version 2.5.5233.0. The updated version of CSWorks is available\n at:\u00a0 http://www.controlsystemworks.com/DownloadDescription.aspx \u00a0.\n\nFor additional mitigation and installation information, please review CSWorks\u2019 security release at the following location:\u00a0 http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
}
],
"source": {
"advisory": "ICSA-14-135-01",
"discovery": "EXTERNAL"
},
"title": "CSWorks SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01"
},
{
"name": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330",
"refsource": "CONFIRM",
"url": "http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330"
},
{
"name": "67427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2351",
"datePublished": "2014-05-20T10:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:17:47.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}