Description
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.

This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. 
NOTE: The vendor was contacted and it was learned that the product is not supported.
Published: 2026-06-30
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an SQL injection flaw in Eksagate Electronic Engineering and Computer Industry Trade Inc.'s SYSGUARD 6001. The flaw allows an attacker to inject unescaped SQL commands into queries, enabling blind SQL injection. This can lead to unauthorized data retrieval, modification, or system compromise, potentially exposing confidential information and disrupting the system's operational integrity.

Affected Systems

Affected systems are SYSGUARD 6001 versions from 2.0.2 up to and including 6.1.16.0. The product is no longer supported by the vendor, and no official patch or upgrade is available. Users are advised that the vulnerability remains present in all releases within that range.

Risk and Exploitability

The CVSS score of 9.8 signifies critical severity. EPSS is not available, so the exploitation likelihood is currently unknown, and the vulnerability is not listed in CISA KEV. Based on the nature of SQL injection, the likely attack vector is remote via the interface that accepts SQL statements. No remediation is provided by the vendor; the lack of support makes mitigation difficult, increasing risk for exposed systems.

Generated by OpenCVE AI on June 30, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block all external traffic to the SYSGUARD 6001 interface through firewall rules or network segmentation
  • Apply a web application firewall or SQL injection filtering on the interface that handles SQL queries
  • Monitor system logs for anomalous query activity and perform regular vulnerability scans
  • Contact the vendor for any potential advisory or update, and document the lack of support
  • Consider migrating to a supported or alternative system to eliminate the exposed vulnerability

Generated by OpenCVE AI on June 30, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 30 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.  NOTE: The vendor was contacted and it was learned that the product is not supported.
Title SQLi in Exagate's SYSGUARD 6001
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-06-30T12:11:17.691Z

Reserved: 2026-05-12T14:42:08.496Z

Link: CVE-2026-8402

cve-icon Vulnrichment

Updated: 2026-06-30T12:11:09.219Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T12:30:13Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')