The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mo...
Description
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
AI Analyst Comment
Remediation
Update The SFT developed by Digiwin has a SQL Injection Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Executive Summary:
A critical SQL Injection vulnerability, identified as CVE-2025-7343, has been discovered in multiple products utilizing the SFT (Shop Floor Tracking) system developed by Digiwin. This flaw allows a remote, unauthenticated attacker to gain complete control over the application's database. Successful exploitation could lead to a severe data breach, unauthorized data modification, or complete data loss, posing a critical risk to business operations and data integrity.
Vulnerability Details
CVE-ID: CVE-2025-7343
Affected Software: Multiple products that incorporate The SFT (Shop Floor Tracking) system developed by Digiwin.
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: The vulnerability exists because the application fails to properly sanitize user-supplied input before it is used in a SQL query. An unauthenticated remote attacker can send specially crafted input to an exposed application endpoint. This malicious input is then executed directly by the back-end database, allowing the attacker to inject and run arbitrary SQL commands. This enables the attacker to bypass authentication mechanisms and perform unauthorized actions, including reading sensitive data (e.g.,
SELECT), modifying records (e.g.,UPDATE), and deleting database contents (e.g.,DELETE,DROP TABLE).Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation can have a catastrophic business impact. An attacker could exfiltrate an entire database, leading to a major data breach of sensitive corporate information, customer data, and intellectual property. The ability to modify and delete data could cripple business operations by corrupting financial records, disrupting supply chain and manufacturing processes, and causing significant service outages. The potential consequences include severe financial loss from remediation costs and regulatory fines, irreparable reputational damage, and a complete loss of customer trust.
Remediation Plan
Immediate Action: Immediately update all affected products incorporating the Digiwin SFT system to the latest patched version as recommended by the vendor. Prioritize patching for systems that are exposed to the internet. Concurrently, initiate enhanced monitoring for any signs of exploitation and thoroughly review historical access logs for indicators of compromise.
Proactive Monitoring: Implement robust monitoring of web server, application, and database logs. Look for suspicious requests containing SQL syntax and keywords (e.g.,
UNION,SELECT,',--,#), unusually long or malformed input strings, and a spike in database error messages. Monitor network traffic for anomalous data flows from database servers to external destinations, which could indicate data exfiltration.Compensating Controls: If immediate patching is not feasible, apply the following controls to mitigate risk:
Exploitation Status
Public Exploit Available: False (as of the date of this analysis)
Analyst Notes: As of Jul 21, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, due to its critical severity and the simplicity of exploitation for this class of vulnerability, it is highly likely to be targeted by threat actors in the near future.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability represents an immediate and severe threat to the organization. The ability for an unauthenticated attacker to remotely compromise the database requires urgent attention. We strongly recommend that the vendor's patch be applied to all affected systems as the highest priority. Although there is no evidence of active exploitation at this time, the public disclosure of this vulnerability makes it a prime target. Organizations must act preemptively to apply the patch or, if unable, implement compensating controls like a WAF and network segmentation without delay to prevent a potentially devastating security incident.