Description
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
Published: 2026-03-02
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL injection leading to configuration compromise
Action: Immediate Patch
AI Analysis

Impact

An unauthenticated, remote attacker can send specially crafted SQL commands through the Ciser System SL CSIP firmware login interface. The flaw exists because user input is incorporated directly into database queries without proper parameterization, a classic SQL injection weakness (CWE-89). Exploitation of this vulnerability allows the attacker to fully compromise the system’s configuration data, affecting both confidentiality and integrity of sensitive information. The attack is possible from an external endpoint with no authentication or privilege escalation required, and the availability of the service is not impacted.

Affected Systems

The affected product is the Ciser System SL CSIP firmware. All firmware releases prior to version 5.3 lack the improved input validation and parameterized queries introduced in version 5.3, and therefore remain vulnerable. Any device running these unpatched firmware versions should be identified and upgraded.

Risk and Exploitability

The CVSS score of 9.3 classifies this flaw as Critical, and the EPSS score of less than 1% indicates a low probability of exploitation in the current data set. Because the vulnerability can be triggered by an unauthenticated, remote attacker without special privileges, the risk is largely driven by the ease of exploitation and the high impact on configuration integrity and confidentiality. The flaw is not listed in the CISA KEV catalog, but its severity and exploitation simplicity warrant prompt mitigation.

Generated by OpenCVE AI on April 18, 2026 at 17:31 UTC.

Remediation

Vendor Solution

The vulnerability has been fixed by the vendor through improved input validation logic and parameterized queries: It is recommended to update to firmware version 5.3 or higher. This version mitigates the risk by ensuring that SQL queries are handled securely, effectively neutralizing the injection vector.

Vendor Workaround

If an immediate firmware update is not feasible, network-level controls must be implemented to reduce the attack surface: * Access Restriction: Limit access to the management or login panel using an Allowlist. All connection attempts from untrusted networks or the public internet must be strictly blocked. * Network Segmentation: Isolate the management interface within a dedicated management VLAN, accessible only through a secure corporate VPN.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied firmware update to version 5.3 or higher, which introduces parameterized queries to neutralize the injection risk.
  • If a firmware upgrade cannot be performed immediately, limit access to the management login interface by applying an allow‑list of trusted IP addresses, blocking all other remote connections.
  • Further isolate the management interface by placing it on a dedicated VLAN and ensuring that only traffic entering through a secure corporate VPN can reach the affected device.

Generated by OpenCVE AI on April 18, 2026 at 17:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Ciser System
Ciser System csip Firmware
Vendors & Products Ciser System
Ciser System csip Firmware

Mon, 02 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
Description A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
Title SQL Injection in Ciser System SL firmware
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:N/SA:N'}

Subscriptions

Ciser System Csip Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-03-02T13:24:05.109Z

Reserved: 2026-02-16T13:17:13.207Z

Link: CVE-2026-2584

cve-icon Vulnrichment

Updated: 2026-03-02T13:23:59.440Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-02T09:16:18.150

Modified: 2026-03-02T20:29:29.330

Link: CVE-2026-2584

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T17:45:06Z

Weaknesses