CVE-2023-48645 in App
Summary
by MITRE • 02/02/2024
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 06/03/2025
The vulnerability identified as CVE-2023-48645 represents a critical security flaw within the Archibus app version 4.0.3 for iOS operating systems. This mobile application serves as a maintenance management tool that interfaces with a centralized web server through a local database synchronization mechanism. The application's architecture relies on periodic data synchronization between the local iOS database and the central server, occurring either upon application launch or manual refresh operations. This synchronization process creates a potential attack surface that adversaries can exploit to compromise the integrity and confidentiality of maintenance data.
The technical flaw manifests as a SQL injection vulnerability specifically within the search functionality of the Maintenance module. This vulnerability stems from improper input validation and sanitization of user-supplied data within the search work request feature. When users interact with the search functionality, the application fails to adequately sanitize or parameterize the input parameters before incorporating them into SQL queries executed against the local database. This oversight allows malicious actors to inject arbitrary SQL commands through crafted search inputs, effectively bypassing normal database access controls and potentially executing unauthorized queries against the local SQLite database.
The operational impact of this vulnerability extends beyond simple data exposure, as it enables attackers to perform unauthorized database operations that could compromise the integrity of maintenance records, access sensitive operational data, or potentially escalate privileges within the application's local data environment. The local database synchronization mechanism creates a persistent threat vector since the compromised data can be synchronized with the central server, potentially affecting the entire maintenance management system. This vulnerability particularly affects organizations relying on Archibus for critical infrastructure maintenance operations where the integrity of work request data and maintenance schedules is paramount for operational continuity and safety compliance.
Security professionals should consider this vulnerability in the context of CWE-89, which specifically addresses SQL injection flaws in software systems. The attack surface aligns with ATT&CK technique T1071.004 for application layer protocol use, where adversaries leverage application vulnerabilities to execute malicious code or extract data. Organizations should implement immediate mitigations including input validation, parameterized queries, and regular security assessments of mobile applications. The vulnerability highlights the importance of secure coding practices in mobile applications and the necessity of comprehensive security testing for synchronization mechanisms that bridge local and remote data environments. Additionally, network segmentation and access controls should be reviewed to limit potential lateral movement if the vulnerability is successfully exploited, while regular database audits should be conducted to detect any unauthorized access patterns or data manipulation attempts that may result from this SQL injection vulnerability.