Emerson AMS Device Manager local SQL Injection Vulnerability (CVE-2015-1008)
Emerson AMS Device Manager local SQL Injection Vulnerability (CVE-2015-1008)
Release date:
Updated on:
Affected Systems:
Emersonprocess AMS Device Manager <= 12.5
Description:
Bugtraq id: 74774
CVE (CAN) ID: CVE-2015-1008
Emerson AMS Device Manager is a software package used to monitor and manage the status of on-site devices.
AMS Device Manager 12.5 and earlier versions have the SQL injection vulnerability. Attackers can exploit this vulnerability to access applications and their data files by submitting malformed input to the affected software.
<* Source: Emerson Process Management
Link: https://ics-cert.us-cert.gov/advisories/ICSA-15-111-01
*>
Suggestion:
Vendor patch:
Emersonprocess
--------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/ B /securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability
This article permanently updates the link address: