Vulnerability Note VU#236668
Samsung Data Management Server vulnerable to SQL injection
The Samsung Integrated Management System DMS is used to manage several air conditioning units. The DMS contains a built-in web server that is susceptible to SQL injection attacks.
The DMS application's authentication form can be bypassed with SQL injection attacks. Versions 1.3.3, 1.4.1 and 1.4.2 are reported to be affected. Other versions may also be affected. More details can be found in ICS-CERT's 11-069-01 advisory.
An attacker can bypass authentication and access the web server as an administrative user.
Apply an Update
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Samsung|Affected|08 Dec 2010|08 Dec 2010|
Thanks to José A. Guasch from SecurityByDefault.com for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2010-4284
- Date Public: 06 May 2011
- Date First Published: 06 May 2011
- Date Last Updated: 09 May 2011
- Document Revision: 23