Mercator SENTINEL contains an SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges.
Mercator SENTINEL is a flight safety management system. The login form of the web interface contains an SQL injection vulnerability. Please see CERT-NPS:2011:005 for more information.
An attacker with network access to the SENTINEL web interface could access the system with administrative privileges.
Credible information indicates that this vulnerability is addressed in SENTINEL version 220.127.116.11.
Thanks to CERT-NETPEAS for reporting this vulnerability. Thanks also to ICS-CERT and aeCERT for their assistance.
This document was written by Art Manion.
|Date First Published:||2011-09-15|
|Date Last Updated:||2012-05-10 15:06 UTC|