Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Remote unauthenticated blind SQLi over the network with low complexity (AV:N/AC:L/PR:N/UI:N); injection enables full read, modification, and disruption of the backend database, so C/I/A all High.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.
This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was contacted and it was learned that the product is not supported.
AnalysisAI
Blind SQL injection in Eksagate SYSGUARD 6001 (versions 2.0.2 up to but not including 6.1.16.0) lets remote unauthenticated attackers inject crafted SQL through improperly neutralized input, enabling extraction or manipulation of backend database contents. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) rates it 9.8 Critical with full confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against reachable instances of SYSGUARD 6001, consistent with AV:N/AC:L/PR:N/UI:N; the attacker only needs network access to a vulnerable input endpoint and a running version in the range 2.0.2 to before 6.1.16.0. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed in completeness but lean toward genuine priority for any organization still running this product. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker with no credentials sends a series of crafted requests to a vulnerable SYSGUARD 6001 input parameter, using boolean- or time-based payloads to infer whether injected SQL conditions are true. Over successive automated requests the attacker enumerates database schema and exfiltrates sensitive records, and given the I:H rating could also alter stored data. … |
| Remediation | No vendor-released patch identified at time of analysis - the vendor confirmed SYSGUARD 6001 is unsupported, so the fixed-version reference '6.1.16.0' implied by the affected range cannot be relied upon as an available remediation for end users. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running SYSGUARD 6001 versions 2.0.2-6.1.15.x via asset inventory and immediately isolate from external network access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Sysguard 6001
View allSame weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40296
GHSA-jg5p-684r-wfw3