Navis WebAccess SQL Injection Vulnerability

CVSS 7.3 HIGH

CVEs (1)

CVE-2016-5817

Navis reports that they have released custom patches on August 10, 2016, for the Navis WebAccess application, which is a legacy product that is in use by thirteen customers around the world, five of which are in the United States. The SQL injection vulnerability, which targeted publicly available news-pages in the application, was brought to Navis’ attention on August 9, 2016. Navis reports that they have contacted all their affected customers and that all customers in the United States have implemented the fix.
Navis recommends that all Navis WebAccess users should install the available patch as soon as possible. In the event a Navis customer has questions regarding this issue, they are encouraged to contact customer support through the Navis Collaboration Portal at (http://www.navis.com)

Navis

Navis · Navis WebAccess <August-10-2016

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.