ARDEREG Sistemas SCADA SQL Injection
Description
The login page of ARDEREG Sistema SCADA Central versions 2.203 and prior is vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated blind SQL injection in ARDEREG Sistema SCADA Central login page (versions 2.203 and prior) allows remote attackers to execute arbitrary SQL queries.
Vulnerability
The vulnerability is an unauthenticated blind SQL injection in the login page of ARDEREG Sistema SCADA Central versions 2.203 and prior. [1] The login page fails to properly neutralize special elements used in SQL commands, allowing an attacker to manipulate SQL query logic. [1]
Exploitation
An attacker can exploit this vulnerability remotely without authentication. The attack complexity is low. [1] By sending crafted HTTP requests to the login page, the attacker can inject malicious SQL code. [1] This is a blind SQL injection, meaning the attacker may need to infer results based on application responses.
Impact
Successful exploitation allows an attacker to extract sensitive information from the database, perform unauthorized actions, and potentially execute arbitrary SQL queries. [1] This could lead to unauthorized access, data leakage, or disruption of critical industrial processes. [1] The CVSS v3 base score is 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. [1]
Mitigation
As of the advisory, ARDEREG was aware of the issue but had not responded to CISA's requests. [1] ARDEREG recommends security awareness and training as a workaround. [1] No patch is available yet.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <=2.203
- ARDEREG/Sistemas SCADA | v5 | Range: 0
Patches (0)
No patches discovered yet.