CVE-2024-8705

Summary

CVE-2024-8705 is a critical vulnerability identified in version 5.6.2 of the Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System, specifically affecting the GetDataKindByType function in the file /DataSrvs/UCCGSrv.asmx, which is susceptible to SQL injection attacks. This vulnerability allows for remote exploitation with low complexity and minimal privileges required. The potential impact includes unauthorized data access, compromising confidentiality and integrity on a limited scale. To remediate this issue, organizations should patch their systems or apply available security updates immediately. The exploit has been publicly disclosed, increasing the urgency for affected organizations to take preventive measures.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.