CVE-2024-8950

Name of the Vulnerable Software and Affected Versions: Piramit Automation versions prior to 27.09.2024

Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection', which allows Blind SQL Injection. This means that an attacker could potentially inject malicious SQL code into the application, allowing them to access or modify sensitive data without being detected.

Recommendations: For versions prior to 27.09.2024, update to a version released after 27.09.2024 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation. Avoid using user-input data directly in SQL commands until the issue is resolved. At the moment, there is no information about additional mitigation measures.