External risk intelligence

Biltay Procost could allow an external attacker to access data and take control of the system.

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2023-5046

An unauthenticated attacker can submit crafted input through Biltay Procost input fields so that it is interpreted as part of a database query and executes SQL the application never intended. The advisory describes command-line execution through this injection, so a successful attack can reach the underlying host as well as expose or alter application data.

Halo Surface Signal

Weakness class: SQL Injection

Affected product: Biltay Procost

Affected versions: before 1390

External exposure likelihood

Halo Surface Signal score for CVE-2023-5046

Biltay Procost is a Manufacturing Execution System (MES) used for factory floor operations. Systems of this kind normally sit inside an internal operational technology (OT) or corporate network and interface with industrial machinery and plant databases; they are not designed to be reachable from the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

An SQL injection vulnerability in Biltay Technology Procost allows an unauthenticated attacker to manipulate the queries the application sends to its database and, through them, execute commands on the host. This can lead to significant data compromise and control of the system.

  • Potential for complete system takeover.
  • Data theft or modification is possible.
  • Could affect operations if critical systems are compromised.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker who can reach a Procost input field crafts input that the application concatenates into an SQL statement. The injected SQL reads or modifies the database and, per the advisory, can reach command-line execution on the underlying operating system, so a single request can escalate from data access to full compromise of the host.

  • No authentication required.
  • Delivered through application input fields that feed SQL queries.
  • Database and system access.
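To make the attack path concrete, here is an added example that is not Biltay Procost code (Procost's internals and database backend are not public): a lookup built by string concatenation, the same lookup with a bound parameter, and two constructed payloads run against an in-memory SQLite table. The table, its rows and the payloads are all constructed for the illustration.

```python
# Added illustration of the CWE-89 pattern behind CVE-2023-5046. This is not
# Biltay Procost code; the 'operators' table, its rows and the payloads are
# constructed for the example and run against in-memory SQLite.
import sqlite3


def make_db():
    """Create a throw-away in-memory database with a constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE operators (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO operators VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "operator"), (3, "carol", "viewer")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable pattern: the input field is pasted into the SQL text, so a
    quote in the input closes the string literal and everything after it is
    executed as SQL. This is the weakness class the advisory describes."""
    sql = "SELECT id, name, role FROM operators WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, name):
    """Hardened pattern: the input is bound as a parameter. The database
    receives it as a value, never as part of the statement."""
    sql = "SELECT id, name, role FROM operators WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed payloads. The first turns the WHERE clause into a tautology and
# comments out the trailing quote; the second appends a UNION that reads the
# schema catalogue, standing in for theft of anything the application's
# database user can see.
TAUTOLOGY = "' OR 1=1 --"
UNION_EXFIL = "' UNION SELECT 1, sql, 'x' FROM sqlite_master --"


def run_demo():
    """Return the outcome of each payload against both query patterns."""
    conn = make_db()
    return {
        "vulnerable_tautology": lookup_vulnerable(conn, TAUTOLOGY),
        "vulnerable_union": lookup_vulnerable(conn, UNION_EXFIL),
        "parameterised_tautology": lookup_parameterised(conn, TAUTOLOGY),
        "parameterised_union": lookup_parameterised(conn, UNION_EXFIL),
        "parameterised_legit": lookup_parameterised(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label}: {rows}")
```

The vulnerable lookup returns every operator for the tautology payload and the table definition for the UNION payload; the parameterised lookup returns nothing for either, because the payload is compared as a literal name. The step from data access to host command execution that the advisory describes depends on backend features such as stored procedures that run shell commands or file-write primitives, which SQLite does not offer, so the example stops at the database.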

Live Threat

Current exploitation, exposure, and threat context

SQL injection vulnerabilities, especially those that reach command execution, are highly attractive to attackers because of the depth of compromise they offer. Procost is an MES and is normally not internet-facing, but any instance that is reachable over the network is a valuable target given its role in production operations. Broad attacker interest in this class of vulnerability is well established; whether a given instance is exploited depends on whether it can be discovered and reached.

  • Exploitation unlikely if not public facing.
  • Limited exposure likely hinders widespread targeting.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Teams should first identify any Biltay Procost instance that is reachable from untrusted networks and isolate it: the vulnerability is critical, requires no authentication, and can end in command-line execution on the host. Treat any instance that has been exposed as potentially compromised until an investigation shows otherwise. Upgrading to version 1390 or later removes the vulnerability; where a patch cannot be applied or the service cannot be taken offline, contain it with network controls in the meantime.

  • Block all external access to Procost.
  • Segment affected systems from the network.
  • Upgrade Procost to version 1390 or later.
  • Review web-server, application and database logs for injection indicators (quotes and SQL keywords in input fields, unexpected stored-procedure or shell invocations from the database process).
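An added example, not from this page or from Biltay, of what the log review step can look like: a triage pass over constructed web-server access log lines that flags URL-decoded requests carrying common SQL injection indicators. The combined log format, the paths and the addresses are assumptions; Procost's real endpoints, log format and database backend are not public.

```python
# Added illustration of the "review logs" step. Not Biltay code; the log
# lines, paths and addresses below are constructed, and the Apache/nginx
# combined log format is an assumption about the front end in front of Procost.
import re
from urllib.parse import unquote_plus

# Indicators typical of SQL injection probing and exploitation. They are
# checked against the URL-decoded request, so encoded payloads do not slip by.
# Which database backs Procost is not public, so procedure names from several
# engines are listed; expect some false positives and treat hits as triage
# leads, not verdicts.
INDICATORS = {
    "quote-comment": re.compile(r"'\s*(--|#|/\*)"),
    "tautology": re.compile(r"\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I),
    "union-select": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "stacked-query": re.compile(r";\s*(drop|insert|update|delete|exec|execute)\b", re.I),
    "os-command-proc": re.compile(r"\b(xp_cmdshell|sp_oacreate|load_file|into\s+outfile)\b", re.I),
    "time-based": re.compile(r"\b(sleep|waitfor\s+delay|pg_sleep|benchmark)\s*\(", re.I),
}

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decoded_target(line):
    """Pull the request target out of a combined-format line and URL-decode it
    twice, so %2527 (a double-encoded quote) is seen as a quote too."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    return unquote_plus(unquote_plus(m.group("target")))


def sqli_indicators(line):
    """Names of the indicators present in one log line (empty if clean)."""
    target = decoded_target(line)
    if target is None:
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(target)]


def triage(lines):
    """(client address, indicators) for each line that carries at least one."""
    hits = []
    for line in lines:
        found = sqli_indicators(line)
        if found:
            hits.append((line.split()[0], found))
    return hits


# Constructed sample: two benign requests followed by four injection attempts.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Oct/2023:08:14:01 +0000] "GET /procost/orders?plant=3&status=open HTTP/1.1" 200 5120',
    '10.0.0.7 - - [12/Oct/2023:08:14:09 +0000] "POST /procost/login HTTP/1.1" 302 0',
    '203.0.113.8 - - [12/Oct/2023:08:15:02 +0000] "GET /procost/login?user=%27%20OR%201%3D1%20--&pass=x HTTP/1.1" 200 311',
    '203.0.113.8 - - [12/Oct/2023:08:15:06 +0000] "GET /procost/orders?plant=1%27%20UNION%20SELECT%201%2Cname%2Cpassword%20FROM%20users--%20- HTTP/1.1" 500 0',
    '203.0.113.8 - - [12/Oct/2023:08:15:11 +0000] "GET /procost/report?id=5%3B%20EXEC%20xp_cmdshell%28%27whoami%27%29-- HTTP/1.1" 500 0',
    '203.0.113.9 - - [12/Oct/2023:08:16:40 +0000] "GET /procost/api/items?q=1%27%20AND%20SLEEP%285%29-- HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for addr, found in triage(SAMPLE_LOG):
        print(addr, ", ".join(found))
```

Combined-format access logs do not record request bodies, so injection through form fields submitted by POST (the login at the second sample line, for instance) is invisible here; pair this pass with application or database query logs. For the command-execution step the advisory describes, the database's own error log and any process creation under the database service account are the indicators to look at.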

Frequently asked questions

What is Biltay Technology Procost and what is it used for?

Biltay Technology Procost is a Manufacturing Execution System (MES) used in factory operations. It helps manage and monitor processes on the production floor, potentially interacting with industrial machinery and databases.

What is the weakness class for CVE-2023-5046 in Procost?

The weakness class for CVE-2023-5046 is SQL Injection (CWE-89). This means an attacker can interfere with the queries an application makes to its database, potentially leading to unintended consequences like data access or command execution.

How can an attacker trigger the vulnerability in Procost?

An attacker sends specially crafted input (quotes, SQL keywords, comment sequences) through Procost input fields. Because the application builds its query from that input, the database executes the attacker's SQL, which can expose or modify data and, per the advisory, lead to command execution on the host. Network isolation does not change the bug itself; it only limits who can reach the input fields. An instance that is not exposed is out of reach of internet attackers, but anyone with network access to it can still trigger the flaw.

Who should be concerned about CVE-2023-5046, considering its exposure?

Organizations using Biltay Procost should be concerned. Halo Surface Signal indicates that while Procost systems are typically internal, any instance that is inadvertently exposed to the internet poses a significant risk due to the critical nature of the vulnerability.

What is the first step to respond to this Procost vulnerability?

The immediate first step is to determine whether any Biltay Procost instance is reachable from outside the internal network. If one is, blocking external access is the priority containment step; upgrading the instance to version 1390 or later closes the vulnerability itself.
