CVE-2024-8705

MEDIUM

Shandong Star Measurement and Control Equipment Heating Network Wir...

Title source: llm
STIX 2.1

Description

A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References (4)

Core 4
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.277214
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.277214
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.402236

Scores

CVSS v3 6.3
EPSS 0.0039
EPSS Percentile 30.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Shandong Star Measurement and Control Equipment/Heating Network Wireless Monitoring System 5.6.2
Published Sep 11, 2024
Tracked Since Feb 18, 2026