External risk intelligence

Accruent Maintenance Connection SQL Injection Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2022-46501

The vulnerability exists in the E-Mail to Work Order function of Maintenance Connection, an enterprise asset management application. Such systems are commonly deployed as internet-facing or externally accessible web services to allow users to submit work requests via email or web interfaces, making the attack surface reachable from the internet in standard configurations.

SQL Injection

Accruent Maintenance Connection

20212022.2

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Accruent's Maintenance Connection software, specifically within its E-Mail to Work Order function. This flaw could allow unauthorized access and manipulation of data if exploited. The primary concern at this stage is to confirm if this specific software is in use and, if so, to what extent it is exposed.

  • A software flaw allows unauthorized system access.
  • Critical vulnerabilities impact business operations and data.
  • Verify software use and exposure for risk assessment.

Attack Path

How an attacker could exploit the issue

An attacker could exploit a SQL injection vulnerability in the "E-Mail to Work Order" feature of Accruent Maintenance Connection software. This function, often exposed to the internet for ease of submitting work requests, allows an unauthenticated attacker to send specially crafted email data that manipulates database queries. Successful exploitation could grant an attacker high levels of control over the system's data and operations.

  • Unauthenticated network access required.
  • Email function triggers database manipulation.
  • Complete data compromise and control.

Live Threat

Current exploitation, exposure, and threat context

A SQL injection vulnerability in the E-Mail to Work Order function of Accruent LLC Maintenance Connection could allow an unauthenticated attacker to manipulate database queries when supported by the advisory's conditions. This could potentially expose sensitive information or alter system data.

  • Database integrity and confidentiality at risk.
  • Malicious SQL commands injected via email.
  • Unauthorized access and data modification.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Accruent Maintenance Connection product is likely managed by an enterprise asset management or IT infrastructure team, with potential involvement from application owners and the vendor management team due to the SQL injection vulnerability in the E-Mail to Work Order function. The immediate priority is to locate all instances of the affected software, confirm their exposure and business criticality, identify the accountable owner, and then plan remediation or mitigation strategies based on the assessed risk.

  • Ownership: Application and Infrastructure Teams.
  • Verify: System accessibility and business impact.
  • Action: Coordinate vendor fix or mitigation.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Accruent Maintenance Connection?

Accruent Maintenance Connection is an enterprise asset management (EAM) platform used by organizations to track equipment, manage maintenance schedules, and streamline service requests. It often serves as a centralized hub for facility operations.

What is the vulnerability in CVE-2022-46501?

This CVE identifies a SQL injection vulnerability, categorized as CWE-89. This weakness occurs when an application improperly filters user-supplied data before including it in a database query, allowing an attacker to manipulate the underlying database commands.

How is this SQL injection triggered?

The flaw is triggered specifically through the E-Mail to Work Order function. An attacker sends specially crafted email data that the system processes and executes against the database. Simple web interactions that do not utilize this specific email ingestion path do not trigger this vulnerability.

Is my instance at risk?

Halo Surface Signal indicates this vulnerability is likely to be reachable if your instance is internet-facing. Because this software is often deployed to accept work requests from external email or web portals, it may be accessible to unauthorized users over the network.

What should I do to respond to CVE-2022-46501?

First, verify if you are running Maintenance Connection 2021 or 2022.2 in your environment. Identify the system owners, assess the exposure of the E-Mail to Work Order feature, and coordinate with your infrastructure team to apply vendor-supplied updates or implement necessary security mitigations.

References