CVE-2024-8705

MEDIUM EPSS 30.7%

Published Sep 11, 20241y ago · Modified Jun 17, 20261w ago

5.3 CVSS 4.0

Medium

Published Sep 11, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

Base Score

5.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

30.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

References 4

vuldb.com https://vuldb.com/?ctiid.277214
vuldb.com https://vuldb.com/?id.277214
vuldb.com https://vuldb.com/?submit.402236
wiki.shikangsi.com https://wiki.shikangsi.com/post/share/3cd1d639-7b5d-47cf-a69d-552c314b5168

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.