CVE-2023-6097
CRITICALICS Business Manager 7.06.0028.7089 - SQL Injection
Title source: llmDescription
A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction.
References (1)
Core 1
Core References
Scores
CVSS v3
9.4
EPSS
0.0080
EPSS Percentile
52.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (3)
icssolution/ics_business_manager
7.06.0028.2802
icssolution/ics_business_manager
7.06.0028.7066
icssolution/ics_business_manager
7.06.0028.7089
Published
Nov 13, 2023
Tracked Since
Feb 18, 2026