CVE-2019-15933

9.8 CRITICAL

📋 TL;DR

CVE-2019-15933 is a critical SQL injection vulnerability in Intesync Solismed 3.3sp electronic medical record software. Attackers can execute arbitrary SQL commands through unvalidated user input, potentially compromising patient data and system integrity. Healthcare organizations using this specific version are affected.

💻 Affected Systems

Products:
  • Intesync Solismed
Versions: 3.3sp
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the web interface component of Solismed 3.3sp. All deployments with this version are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to theft of all patient records (PHI), administrative credential theft, remote code execution on the database server, and potential ransomware deployment across the healthcare network.

🟠

Likely Case

Unauthorized access to patient medical records, modification of treatment data, extraction of sensitive personal information, and potential privilege escalation to administrative accounts.

🟢

If Mitigated

Limited to SQL injection attempts that are logged and blocked by a WAF or database firewall, with no successful data exfiltration or system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are trivial to exploit with automated tools like sqlmap. The Bishop Fox advisory provides technical details that facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.3sp

Vendor Advisory: https://www.solismed.com/

Restart Required: Yes

Instructions:

1. Contact Intesync support for the latest patched version.
2. Back up the current installation and database.
3. Apply the vendor-provided patch or upgrade to a fixed version.
4. Restart the Solismed application services.
5. Validate functionality post-upgrade.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection rules to block exploitation attempts

Network Segmentation

all

Isolate Solismed server from internet and restrict access to authorized users only

🧯 If You Can't Patch

  • Immediately isolate the Solismed server from internet access and restrict network connectivity to essential healthcare systems only
  • Implement database activity monitoring and alert on unusual SQL queries or data extraction patterns

🔍 How to Verify

Check if Vulnerable:

Check the Solismed version via the web interface or configuration files. If the version is exactly 3.3sp, the system is vulnerable.

Check Version:

Check the web interface login page or consult the Solismed administration panel for version information.

Verify Fix Applied:

Confirm the version is no longer 3.3sp and that SQL injection test payloads are rejected with a proper error message rather than executed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts followed by complex SQL queries
  • Database queries with UNION SELECT, INFORMATION_SCHEMA, or other SQL injection patterns

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, DROP, etc.) to Solismed endpoints
  • Unusual outbound database connections from application server

SIEM Query:

source="solismed_logs" AND ("SQL syntax" OR "union select" OR "information_schema")
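As an added example (not part of this advisory card or of Solismed itself), a small Python scanner that applies the log and network indicators listed above to log lines. The access-log format, the endpoint paths and the sample lines are constructed assumptions, not real Solismed logs.

```python
import re
from urllib.parse import unquote_plus

# Indicator patterns taken from the Log/Network Indicators above.
# Request URIs are URL-decoded before matching so "UNION%20SELECT" is caught.
INDICATORS = [
    ("union_select",       re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("information_schema", re.compile(r"\binformation_schema\b", re.I)),
    ("sql_syntax_error",   re.compile(r"\bsql syntax\b", re.I)),
    ("sql_keyword",        re.compile(r"\b(select|union|drop)\b", re.I)),
]

# Assumed access-log shape: ... "GET /path?query HTTP/1.1" status
ACCESS_LINE = re.compile(r'"(?:GET|POST)\s+(?P<uri>\S+)\s+HTTP/[\d.]+"')

def classify_line(line):
    """Return the sorted indicator names that fire on one log line."""
    text = line
    m = ACCESS_LINE.search(line)
    if m:
        # Decode only the request URI; timestamps and user agents are left alone.
        text = unquote_plus(m.group("uri"))
    hits = {name for name, pat in INDICATORS if pat.search(text)}
    # A specific pattern already implies the generic keyword rule; drop the duplicate.
    if hits - {"sql_keyword"}:
        hits.discard("sql_keyword")
    return sorted(hits)

def scan_logs(lines):
    """Return (line, indicators) pairs for every line with at least one hit."""
    results = []
    for ln in lines:
        hits = classify_line(ln)
        if hits:
            results.append((ln, hits))
    return results

# Constructed sample lines (not real Solismed logs); the paths are placeholders.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] "GET /solismed/patient.php?id=42 HTTP/1.1" 200',
    '10.0.0.9 - - [01/Jan/2020:10:00:01 +0000] "GET /solismed/patient.php?id=42%20UNION%20SELECT%201,2,3 HTTP/1.1" 200',
    '10.0.0.9 - - [01/Jan/2020:10:00:02 +0000] "GET /solismed/patient.php?id=42+union+all+select+1+from+information_schema.tables HTTP/1.1" 500',
    '2020-01-01 10:00:02 ERROR You have an error in your SQL syntax; check the manual',
    '10.0.0.5 - - [01/Jan/2020:10:00:03 +0000] "GET /solismed/select_patient.php HTTP/1.1" 200',
]

if __name__ == "__main__":
    for line, hits in scan_logs(SAMPLE_LOGS):
        print(", ".join(hits), "<-", line[:80])
```

The last sample line shows why word boundaries matter: a path like select_patient.php contains the keyword but is not flagged.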
