PT-2024-39185 · Unknown · Shandong Star Measurement/Control Equipment Heating Network Wireless Monitoring System

Published: 2024-09-11 · Updated: 2024-09-12 · CVE-2024-8705

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System version 5.6.2

Description: A critical issue was found in the system, affecting the GetDataKindByType function of the file /DataSrvs/UCCGSrv.asmx. This issue leads to SQL injection and can be exploited remotely. The exploit has been disclosed to the public.

Recommendations: For version 5.6.2, as a temporary workaround, consider disabling the GetDataKindByType function until a patch is available. Restrict access to the /DataSrvs/UCCGSrv.asmx file to minimize the risk of exploitation. Avoid using parameters that may lead to SQL injection in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-8705

Affected Products

Shandong Star Measurement/Control Equipment Heating Network Wireless Monitoring System