You are here

Equinox Control Expert (ICSA-19-353-02)

Equinox Control Expert (ICSA-19-353-02)

Created: Thursday, December 19, 2019 - 16:44
Categories:
Cybersecurity

CISA has published an advisory on an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Equinox Control Expert. All current and older versions could be affected. Successful exploitation of this vulnerability may allow remote code execution. Equinox has not responded to requests to provide mitigating details regarding this vulnerability. CISA will update its advisory with any information provided by the vendor. In the meantime, CISA recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.