Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2351

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-2351
Last Modified 08 Oct 2015 10:47:15
Published 20 May 2014 07:13:37
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2351

Summary

SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.

Vulnerable Systems

Application

  • Controlsystemworks Csworks 1.0.3540.0

  • Controlsystemworks Csworks 1.0.3560.0

  • Controlsystemworks Csworks 1.0.3580.0

  • Controlsystemworks Csworks 1.0.601.0

  • Controlsystemworks Csworks 1.0.612.0

  • Controlsystemworks Csworks 1.0.623.0

  • Controlsystemworks Csworks 1.0.720.0

  • Controlsystemworks Csworks 1.0.801.0

  • Controlsystemworks Csworks 1.0.813.0

  • Controlsystemworks Csworks 1.0.901.0

  • Controlsystemworks Csworks 1.1.3600.0

  • Controlsystemworks Csworks 1.1.3674.0

  • Controlsystemworks Csworks 1.1.3700.0

  • Controlsystemworks Csworks 1.2.3730.0

  • Controlsystemworks Csworks 1.2.3800.0

  • Controlsystemworks Csworks 1.4.3820.0

  • Controlsystemworks Csworks 1.4.3830.0

  • Controlsystemworks Csworks 1.4.3850.0

  • Controlsystemworks Csworks 1.4.3860.0

  • Controlsystemworks Csworks 1.4.3880.0

  • Controlsystemworks Csworks 1.4.3900.0

  • Controlsystemworks Csworks 1.4.4000.0

  • Controlsystemworks Csworks 1.7.4050.0

  • Controlsystemworks Csworks 1.7.5000.0

  • Controlsystemworks Csworks 2.0.4115.0

  • Controlsystemworks Csworks 2.0.4115.1

  • Controlsystemworks Csworks 2.1.4386.0

  • Controlsystemworks Csworks 2.1.4560.0

  • Controlsystemworks Csworks 2.5.4770.0

  • Controlsystemworks Csworks 2.5.4770.1

  • Controlsystemworks Csworks 2.5.4912.0

  • Controlsystemworks Csworks 2.5.5050.0


References

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-14-135-01

CONFIRM - http://www.controlsystemworks.com/blogengine/post/2014/05/08/Important-CSWorks-security-release-2552330

BID - 67427


Last Updated: 27 May 2016 11:05:20