OTPulse

CSWorks Software SQL Injection Vulnerability

Low Risk · ICS-CERT ICSA-14-135-01 · Feb 15, 2014
Summary

CSWorks versions 2.5.5050.0 and earlier contain a SQL injection vulnerability (CWE-89) in user input handling. An attacker with network access to the application could inject arbitrary SQL commands to query, modify, or delete data in the database. The vendor has not released a fix and the product is end-of-life. CISA recommends defensive measures to minimize risk.

What this means
What could happen
An attacker with network access to CSWorks could inject malicious SQL commands to extract, modify, or delete data in the underlying database. This could compromise process data, configuration records, or operational logs critical to water/utility operations.
Who's at risk
Water utilities, municipal electric systems, and other critical infrastructure operators using CSWorks for SCADA data management or operational software should review their deployment. Anyone relying on CSWorks version 2.5.5050.0 or earlier for plant control, reporting, or configuration management is affected.
How it could be exploited
An attacker sends a crafted SQL injection payload through a vulnerable input field in CSWorks (likely a web interface or database query parameter). If the application does not properly sanitize user input before constructing database queries, the attacker's malicious SQL executes with the application's database privileges.
Prerequisites
  • Network access to CSWorks application interface (web or direct connection)
  • Ability to submit input to a vulnerable query field
  • No authentication required if the vulnerable parameter is in a publicly accessible form or login page
no patch available · SQL injection enables data extraction and modification · affects operational databases
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
CSWorks: <=2.5.5050.0 | ≤ 2.5.5050.0 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Identify all instances of CSWorks version 2.5.5050.0 or earlier in your environment and document their network location and function
WORKAROUND: Implement network-level access controls to restrict access to CSWorks to only authorized users and engineering workstations; consider placing the application behind a firewall or VPN
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor database logs for suspicious SQL queries or failed authentication attempts targeting CSWorks databases
Long-term hardening
WORKAROUND: Disable or remove CSWorks if it is no longer in use, as the vendor has not released a patch and the product is unsupported
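
One way to carry out the log-monitoring step above, as an added example that is not part of the advisory or of CSWorks: a scanner that flags injection-shaped statements and failed-login bursts in a database audit log. The log format, event names, rule names and the 3-failures-in-5-minutes threshold are all assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format: "<ISO time> <client ip> <EVENT> <detail>".
# Real database audit logs differ by engine; adapt the line parsing in scan() to yours.
SAMPLE_LOG = """\
2014-02-15T08:00:01 10.0.5.20 QUERY SELECT value FROM tags WHERE name = 'Pump1.Flow'
2014-02-15T08:00:07 10.0.9.77 LOGIN_FAILED user=operator
2014-02-15T08:00:09 10.0.9.77 LOGIN_FAILED user=operator
2014-02-15T08:00:12 10.0.9.77 LOGIN_FAILED user=admin
2014-02-15T08:01:30 10.0.9.77 QUERY SELECT value FROM tags WHERE name = '' OR '1'='1'
2014-02-15T08:01:44 10.0.9.77 QUERY SELECT value FROM tags WHERE name = 'x' UNION SELECT table_name FROM information_schema.tables --'
2014-02-15T08:02:10 10.0.5.20 QUERY UPDATE tags SET value = 12.5 WHERE name = 'Pump1.Setpoint'
2014-02-15T09:30:00 10.0.5.21 LOGIN_FAILED user=operator
"""

# Heuristic signatures (assumed, not exhaustive); expect to tune them against normal traffic.
RULES = {
    "tautology": re.compile(r"\bor\s+'?(\w+)'?\s*=\s*'?\1\b", re.I),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "stacked-statement": re.compile(r";\s*(?:drop|delete|insert|update|exec)\b", re.I),
    "inline-comment": re.compile(r"--|/\*"),
    "catalog-access": re.compile(r"\b(?:information_schema|sysobjects)\b", re.I),
}

def scan(log_text, fail_threshold=3, window=timedelta(minutes=5)):
    """Return a list of (timestamp, client, reason) findings for one log."""
    findings, failures = [], defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue  # skip lines that do not fit the assumed format
        stamp, client, event, detail = parts
        when = datetime.fromisoformat(stamp)
        if event == "QUERY":
            hits = [name for name, rx in RULES.items() if rx.search(detail)]
            if hits:
                findings.append((stamp, client, "+".join(hits)))
        elif event == "LOGIN_FAILED":
            recent = [t for t in failures[client] if when - t <= window] + [when]
            failures[client] = recent
            if len(recent) >= fail_threshold:
                findings.append((stamp, client, "failed-login-burst"))
                failures[client] = []  # reset so one burst is reported once
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A finding from a client outside the authorized engineering workstations is the case to escalate first, since the access-control workaround should already be blocking that path.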