CVE-2021-41063

9.8 CRITICAL

📋 TL;DR

An unauthenticated SQL injection vulnerability in Aanderaa GeoView Webservice allows attackers to execute arbitrary SQL commands on the database. This affects all systems running versions prior to 2.1.3, potentially compromising industrial control systems that use this software.

💻 Affected Systems

Products:
  • Aanderaa GeoView Webservice
Versions: All versions prior to 2.1.3
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with default configurations. Part of Xylem's industrial control systems portfolio.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing remote code execution, data exfiltration, manipulation of industrial control data, and potential physical damage to critical infrastructure.

🟠 Likely Case

Database compromise leading to data theft, manipulation of sensor readings, and disruption of monitoring systems.

🟢 If Mitigated

Limited impact with proper network segmentation and web application firewalls blocking SQL injection attempts.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, unauthenticated access allows lateral movement and significant damage.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited with readily available tools. Unauthenticated access lowers the barrier significantly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.3

Vendor Advisory: https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-aanderaa-psa-2021-003.pdf

Restart Required: Yes

Instructions:

1. Download version 2.1.3 from Xylem's official distribution channels.
2. Back up the current configuration and data.
3. Stop the GeoView Webservice.
4. Install the updated version.
5. Restart the service and verify functionality.

🔧 Temporary Workarounds

Network Segmentation
Platforms: all

Isolate GeoView Webservice from untrusted networks and implement strict firewall rules.

Web Application Firewall
Platforms: all

Deploy WAF with SQL injection protection rules in front of the service.

🧯 If You Can't Patch

  • Implement strict network access controls allowing only trusted IP addresses
  • Deploy database monitoring to detect SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Aanderaa GeoView Webservice via the web interface or configuration files.

Check Version:

Check the web interface or consult the application documentation for where the version is displayed.

Verify Fix Applied:

Confirm that version 2.1.3 is installed and that SQL injection test requests are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts or unusual parameter values in web server logs

Network Indicators:

  • SQL keywords in HTTP GET/POST parameters
  • Unusual database connection patterns from web service

SIEM Query:

source="web_logs" AND (url="*SELECT*" OR url="*UNION*" OR url="*INSERT*" OR url="*DELETE*" OR url="*UPDATE*")
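As an added illustration of the Detection & Monitoring section (example code written for this page, not part of the advisory or of any Xylem tooling): a small Python detector that runs over constructed Common Log Format lines, percent-decodes each query parameter before matching SQL keyword sequences, and so catches a request whose keyword letters are percent-encoded (which the literal `*UNION*` wildcard in the SIEM query above would not match) while leaving a benign value such as `select-station` alone. Log format, paths and IPs are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Keyword *sequences* rather than lone words, so a benign value such as
# "select-station" does not trip the rule but "UNION ... SELECT" does.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b.+\bselect\b", re.I),
    re.compile(r"\b(select|insert|update|delete)\b.+\b(from|into|set|where)\b", re.I),
    re.compile(r"['\"]\s*(or|and)\s+\S+\s*=\s*\S+", re.I),  # quote-break then tautology
    re.compile(r"(--|/\*|;)\s*$"),                           # trailing comment/terminator
]

# Common Log Format (constructed); only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_params(path):
    """Return (name, decoded_value) pairs whose value matches a SQLI pattern.
    parse_qsl() percent-decodes once; the extra unquote() catches double encoding."""
    hits = []
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        decoded = unquote(value)
        if any(p.search(decoded) for p in SQLI_PATTERNS):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Run the detector over access-log lines. Only GET parameters are visible
    here; POST bodies need request-body logging or a WAF to be inspected."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hits := suspicious_params(m["path"])):
            alerts.append({"ip": m["ip"], "status": m["status"], "hits": hits})
    return alerts


# Constructed sample lines (not real traffic). The third hides the keyword
# letters behind %55/%53, so a literal "*UNION*" wildcard on the raw URL misses it.
SAMPLE_LOGS = [
    '203.0.113.10 - - [10/Oct/2021:13:55:36 +0000] "GET /geoview/data?view=select-station&id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2021:13:56:01 +0000] "GET /geoview/data?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9031',
    '198.51.100.7 - - [10/Oct/2021:13:56:09 +0000] "GET /geoview/data?id=1%20%55NION%20%53ELECT%201 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

A 500 status paired with a hit, as in the third sample line, is worth weighting higher than a 200, since a database error on a tampered parameter is the classic sign that the value reached the query unescaped.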
