External risk intelligence

Innosa Probbys allows attackers to take control or disrupt services

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2023-4670

An external attacker can exploit a flaw in Innosa Probbys to access and modify sensitive database information. This could allow them to expose credentials and gain administrative control over the system, putting business operations and sensitive data at risk.

2Halo Surface Signal

SQL Injection

Innosa Probbys Project Innosa Probbys

before 2

External exposure likelihood

Halo Surface Signal score for CVE-2023-4670

Innosa Probbys is a Hospital Information Management System (HBYS). These systems are typically deployed on secure, isolated internal networks (intranets) or behind strict internal controls and VPNs to protect sensitive patient records and comply with privacy regulations. Direct public-internet-facing exposure of the core application is uncommon in typical real-world deployments.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Innosa Probbys allows an attacker to inject malicious SQL commands, potentially compromising data integrity and confidentiality. Because the vulnerability is exploitable remotely without authentication, it demands immediate attention to prevent unauthorized access and manipulation of sensitive information.

Affects sensitive data.
Attack is remotely accessible.
High impact on systems.

Attack Path

How an attacker could exploit the issue

Attackers can exploit this SQL injection vulnerability by sending specially crafted input to the vulnerable Innosa Probbys application. This could allow them to manipulate the database, potentially gaining unauthorized access to sensitive patient data or even taking control of the application.

Requires network access.
Targets web application input.
No authentication needed.

Live Threat

Current exploitation, exposure, and threat context

This SQL injection vulnerability in Innosa Probbys allows for remote code execution and data compromise, making it a potentially attractive target. However, the nature of Hospital Information Management Systems (HIMS) often limits their direct exposure to the public internet. Attacks are more likely to originate from within a compromised internal network rather than directly over the web.

Exploitation unlikely externally.
Internal threat actors a concern.
Limited public exploit information.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize immediate patching or isolation of Innosa Probbys instances before version 2 due to a critical SQL injection vulnerability that allows unauthenticated attackers to achieve high impact. Actively scan logs for any signs of exploitation and ensure that any affected systems are segmented from critical infrastructure if immediate patching is not feasible.

Update Probbys to version 2 or later.
Block external access to affected services.
Monitor for suspicious SQL query patterns.

Frequently asked questions

What is Innosa Probbys?

Innosa Probbys is a Hospital Information Management System used to manage patient records and hospital operations. It helps healthcare facilities organize and access sensitive medical data.

How does CVE-2023-4670 impact Innosa Probbys?

CVE-2023-4670 is an SQL Injection vulnerability. This means an attacker can insert malicious SQL commands into the application, potentially leading to unauthorized access, modification, or deletion of patient data.

What actions trigger the vulnerability in Innosa Probbys?

The vulnerability is triggered when an attacker sends specially crafted input to the Innosa Probbys application. Exploitation does not require authentication, and it targets how the application handles user input that is used in database queries.

Who needs to care about this CVE-2023-4670 vulnerability?

Organizations using Innosa Probbys should be concerned. While the system is typically internal, the Halo Surface Signal indicates this vulnerability is unlikely to be exposed to the public internet, suggesting the primary risk might come from internal network threats.

What is the first step to respond to this threat advisory?

The immediate priority is to update Innosa Probbys to version 2 or later. If immediate patching isn't possible, restrict network access to the affected services and monitor system logs for any unusual SQL query patterns.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.