{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7201", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-07-29T01:58:28.191Z", "datePublished": "2024-07-29T02:58:34.222Z", "dateUpdated": "2024-08-01T21:52:31.488Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Web", "product": "WinMatrix3", "vendor": "Simopro Technology", "versions": [{"lessThanOrEqual": "1.2.33.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-07-29T02:53:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."}], "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-07-29T02:58:34.222Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html"}, {"tags": ["vendor-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update WinMatrix3 Web package to 1.2.35.3 or later version."}], "value": "Update WinMatrix3 Web package to 1.2.35.3 or later version."}], "source": {"advisory": "TVN-202407012", "discovery": "EXTERNAL"}, "title": "Simopro Technology WinMatrix3 Web package - SQL Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "simopro_technology", "product": "winmatrix3", "cpes": ["cpe:2.3:a:simopro_technology:winmatrix3:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.33.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T16:12:55.764151Z", "id": "CVE-2024-7201", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T16:15:19.917Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.488Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.488Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7201", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-29T16:12:55.764151Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:simopro_technology:winmatrix3:*:*:*:*:*:*:*:*"], "vendor": "simopro_technology", "product": "winmatrix3", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.2.33.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T16:15:14.074Z"}}], "cna": {"title": "Simopro Technology WinMatrix3 Web package - SQL Injection", "source": {"advisory": "TVN-202407012", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Simopro Technology", "product": "WinMatrix3", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.2.33.3"}], "packageName": "Web", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update WinMatrix3 Web package to 1.2.35.3 or later version.", "supportingMedia": [{"type": "text/html", "value": "Update WinMatrix3 Web package to 1.2.35.3 or later version.", "base64": false}]}], "datePublic": "2024-07-29T02:53:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html", "tags": ["vendor-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.", "supportingMedia": [{"type": "text/html", "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-07-29T02:58:34.222Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7201", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:52:31.488Z", "dateReserved": "2024-07-29T01:58:28.191Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-07-29T02:58:34.222Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simopro_technology:winmatrix3:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E12AD4D-BB78-48B4-AF50-5A4E0109E4A6", "versionEndIncluding": "1.2.33.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."}, {"lang": "es", "value": " La funcionalidad de inicio de sesi\u00f3n del paquete web WinMatrix3 de Simopro Technology carece de una validaci\u00f3n adecuada de la entrada del usuario, lo que permite a atacantes remotos no autenticados inyectar comandos SQL para leer, modificar y eliminar contenidos de la base de datos."}], "id": "CVE-2024-7201", "lastModified": "2024-09-10T21:16:34.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-07-29T03:15:03.267", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}