CVE-2023-1064 in Weighbridge Automation Software

Summary

by MITRE • 03/01/2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection.

This issue affects Weighbridge Automation Software: before 1.1.


Analysis

by VulDB Data Team • 06/01/2026

The vulnerability identified as CVE-2023-1064 is a critical SQL injection flaw in Uzay Baskul Weighbridge Automation Software in versions before 1.1. It falls under CWE-89, improper neutralization of special elements used in an SQL command. The software operates in industrial automation environments where weighing operations are critical to inventory management and logistics, which makes this vulnerability particularly dangerous for operational technology systems.

The technical flaw occurs when the software fails to properly sanitize or escape user inputs before incorporating them into SQL database queries. Attackers can exploit this weakness by injecting malicious SQL code through input fields that are intended to accept weight measurements, vehicle identifiers, or other operational data. When the application processes these inputs without adequate validation or sanitization, the injected SQL commands execute with the privileges of the database user account, potentially allowing full database access, data manipulation, or even system compromise. The vulnerability is particularly concerning because it affects the core functionality of industrial weighing systems where data integrity is paramount for business operations.

The operational impact of this vulnerability extends beyond simple data theft, as it can disrupt critical industrial processes and potentially lead to financial losses through data manipulation or system downtime. In weighbridge automation environments, unauthorized access to database records could result in altered weight measurements, fraudulent transactions, or complete disruption of inventory tracking systems. The vulnerability affects all versions prior to 1.1, suggesting that organizations running older versions of this software are exposed to significant risk. Attackers leveraging this vulnerability could potentially access sensitive operational data, modify transaction records, or even gain deeper access to connected systems through the database layer.

Organizations should immediately implement multiple layers of defense to mitigate this vulnerability. The primary remediation is updating to version 1.1 or later of the Weighbridge Automation Software, which includes proper input validation and parameterized queries. Additionally, network segmentation should limit access to the affected systems, and database access controls should be enforced following the principle of least privilege. Security monitoring should be enhanced to detect unusual database access patterns or query execution that might indicate exploitation attempts. From an ATT&CK framework perspective, this vulnerability maps to T1190 (Exploit Public-Facing Application) and T1071.005 (Application Layer Protocol: Web Protocols), as attackers would need to exploit the application's web interface to reach this SQL injection point, making proper network security controls essential for defense in depth.
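As an added illustration, not code from the advisory or from the vendor's product, the CWE-89 pattern described above beside the parameterized and allowlisted remediation, in Python against an in-memory SQLite table; the table layout, plate format and sample rows are constructed assumptions:

```python
import re
import sqlite3

# Constructed sample data (not from the advisory): a minimal weighings
# table holding a vehicle plate and a gross weight in kilograms.
SAMPLE_ROWS = [("34ABC123", 18250), ("06XYZ789", 24900), ("35DEF456", 12100)]

# Assumed plate format for the allowlist check: 5 to 10 upper-case alphanumerics.
PLATE_RE = re.compile(r"[A-Z0-9]{5,10}")

def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE weighings (plate TEXT, gross_kg INTEGER)")
    conn.executemany("INSERT INTO weighings VALUES (?, ?)", SAMPLE_ROWS)
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, plate: str) -> list:
    """CWE-89 pattern: the identifier is spliced into the SQL text, so a
    quote character in the input changes the structure of the query."""
    sql = f"SELECT plate, gross_kg FROM weighings WHERE plate = '{plate}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, plate: str) -> list:
    """Remediation: the value is bound as a parameter, so the database
    driver never parses it as SQL, whatever characters it contains."""
    sql = "SELECT plate, gross_kg FROM weighings WHERE plate = ?"
    return conn.execute(sql, (plate,)).fetchall()

def lookup_hardened(conn: sqlite3.Connection, plate: str) -> list:
    """Defense in depth: allowlist validation first, then the bound query."""
    if not PLATE_RE.fullmatch(plate):
        raise ValueError("rejected vehicle identifier: %r" % plate)
    return lookup_parameterized(conn, plate)

def demo(plate: str) -> tuple:
    """Run one input through all three lookups; the hardened result is
    None when the allowlist rejects the input before any query runs."""
    conn = make_db()
    vuln = lookup_vulnerable(conn, plate)
    bound = lookup_parameterized(conn, plate)
    try:
        hardened = lookup_hardened(conn, plate)
    except ValueError:
        hardened = None
    return vuln, bound, hardened
```

A well-formed plate returns the same single row from all three lookups; an input containing a quote returns every row from the spliced query, no rows from the bound query, and is rejected outright by the allowlist.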

Reservation: 02/27/2023

Disclosure: 03/01/2023

Moderation: accepted

CPE: ready

EPSS: 0.00193

KEV: no

Activities: very low
