This vulnerability (CVE-2024-12143) affects the Mikro Hand Terminal - MikroDB product by Mobilteg Mobile Informatics. It is classified as CWE-89, indicating improper neutralization of special elements used in SQL commands, commonly known as SQL Injection. The vulnerability allows an attacker to inject malicious SQL code, potentially leading to unauthorized data access or modification. The CVSS 3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vendor has not provided any patch or remediation status, and no known exploits are reported in the wild at this time.

Successful exploitation of this SQL Injection vulnerability could allow an unauthenticated attacker to execute arbitrary SQL commands on the MikroDB database. This can lead to full compromise of the database, including unauthorized disclosure, modification, or deletion of data, and potentially disruption of service. Given the critical CVSS score, the impact on affected systems is severe.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not announced a fix or mitigation, organizations using Mikro Hand Terminal - MikroDB should monitor vendor communications closely. In the absence of an official fix, consider implementing application-layer input validation and database query parameterization as temporary mitigations where feasible.