CVE-2024-4872

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-943
View all →

Vulnerability Description

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Related Vulnerabilities

CVE-2017-12904

HIGH
CVSS:8.8(High)

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by craf...

CWE-9432017

CVE-2018-7829

HIGH
CVSS:8.8(High)

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary s...

CWE-9432018

CVE-2025-24787

HIGH
CVSS:8.6(High)

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files...

CWE-9432025

CVE-2020-5257

HIGH
CVSS:8.1(High)

In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a...

CWE-9432020

CVE-2017-12904

HIGH
CVSS:8.8(High)

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by craf...

CWE-9432017

CVE-2018-7829

HIGH
CVSS:8.8(High)

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary s...

CWE-9432018