CVE-2023-4485

Name of the Vulnerable Software and Affected Versions ARDEREG Sistema SCADA Central versions 2.203 and prior

Description The login page of the affected software is vulnerable to an unauthenticated blind SQL injection attack. This allows an attacker to manipulate the application's SQL query logic, potentially extracting sensitive information or performing unauthorized actions within the database. The vulnerability could lead to unauthorized access, data leakage, or disruption of critical industrial processes by executing arbitrary SQL queries through the login page.

Recommendations For versions 2.203 and prior, consider temporarily restricting access to the login page until a patch is available. As a mitigation measure, restrict the ability to execute arbitrary SQL queries through the login page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.