CVE-2023-6097 CRITICAL

CVE-2023-6097: SQL Injection on ICSSolution ICS Business Manager

Vendor Icssolution

Product ICS Business Manager

Weakness CWE-89 · SQLi

Published November 13, 2023

Last update September 3, 2024

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction.

Key dates

02Disclosure timeline

November 13, 2023 CVE published

September 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6097 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2023-6097

CWE CWE-89

CVSS 9.4 / CRITICAL

Affected versions

Vendor Icssolution

Product ICS Business Manager

Affected 7.06.0028.7089

Vendor Icssolution

Product ICS Business Manager

Affected 7.06.0028.7066

Vendor Icssolution

Product ICS Business Manager

Affected 7.06.0028.2802

CVE-2023-6097: SQL Injection on ICSSolution ICS Business Manager

01Description

02Disclosure timeline

03References

04Related CVE