Skip to main content

Control System

2 CVEs product

Monthly

CVE-2026-34185 HIGH PATCH This Week

SQL injection in Hydrosystem Control System versions before 9.8.5 allows authenticated attackers to execute arbitrary SQL commands via unprotected input parameters across multiple scripts. Exploitation requires low-privilege authentication but no user interaction, enabling attackers to compromise database confidentiality and integrity with potential for full database control. No public exploit identified at time of analysis.

SQLi Control System
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4901 MEDIUM PATCH This Month

Hydrosystem Control System versions prior to 9.8.5 log user credentials in plaintext to accessible log files, enabling authenticated attackers with administrative privileges to extract valid credentials for lateral movement and privilege escalation. This vulnerability is particularly critical when chained with CVE-2026-34184, which may enable unauthorized access to those logged credentials. CVSS score of 6.9 reflects the high confidentiality impact restricted to authenticated administrative users; no public exploit code or active exploitation has been confirmed.

Information Disclosure Control System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

SQL injection in Hydrosystem Control System versions before 9.8.5 allows authenticated attackers to execute arbitrary SQL commands via unprotected input parameters across multiple scripts. Exploitation requires low-privilege authentication but no user interaction, enabling attackers to compromise database confidentiality and integrity with potential for full database control. No public exploit identified at time of analysis.

SQLi Control System
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Hydrosystem Control System versions prior to 9.8.5 log user credentials in plaintext to accessible log files, enabling authenticated attackers with administrative privileges to extract valid credentials for lateral movement and privilege escalation. This vulnerability is particularly critical when chained with CVE-2026-34184, which may enable unauthorized access to those logged credentials. CVSS score of 6.9 reflects the high confidentiality impact restricted to authenticated administrative users; no public exploit code or active exploitation has been confirmed.

Information Disclosure Control System
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy