CVE-2023-4485 CRITICAL

CVE-2023-4485: ARDEREG Sistemas SCADA SQL Injection

Vendor: Ardereg
Product: Sistemas SCADA
Weakness: CWE-89 · SQLi
Published: September 5, 2023
Last update: January 16, 2025

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The login page of ARDEREG Sistema SCADA Central versions 2.203 and prior is vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.

Key dates

02 Disclosure timeline

September 5, 2023: CVE published
January 16, 2025: Record updated