
CVE-2024-8395: CWE-89 SQL Injection in FlyCASS Cockpit Access Security System (CASS)

Severity: Critical
Published: Thu Sep 05 2024 (09/05/2024, 19:32:41 UTC)
Source: CVE Database V5
Vendor/Project: FlyCASS
Product: Cockpit Access Security System (CASS)

Description

CVE-2024-8395 is a critical SQL Injection vulnerability in the FlyCASS Cockpit Access Security System (CASS) and KCM products. The flaw allows unauthenticated remote attackers to inject malicious SQL queries due to improper input filtering. This vulnerability can lead to full compromise of confidentiality, integrity, and availability of affected systems. Exploitation requires no authentication or user interaction, making it highly accessible to attackers. Although no known exploits are currently reported in the wild, the high CVSS score of 9.8 indicates severe risk. European organizations using FlyCASS CASS or KCM systems, especially in aviation or critical infrastructure sectors, are at significant risk. Immediate patching or mitigation is essential to prevent potential data breaches, system manipulation, or denial of service. Countries with higher adoption of FlyCASS products and strategic aviation hubs are most likely to be targeted. Defenders should implement strict input validation, network segmentation, and monitoring for anomalous database queries to mitigate risk.

AI-Powered Analysis

Last updated: 12/02/2025, 14:51:29 UTC

Technical Analysis

CVE-2024-8395 identifies a critical SQL Injection vulnerability (CWE-89) in FlyCASS's Cockpit Access Security System (CASS) and KCM products. These systems fail to properly sanitize or filter user-supplied input before incorporating it into SQL queries, allowing attackers to inject arbitrary SQL commands. The vulnerability is remotely exploitable over the network without requiring any form of authentication or user interaction, significantly lowering the barrier for exploitation. Successful exploitation can lead to unauthorized data disclosure, modification, or deletion, as well as potential full system compromise and denial of service. The vulnerability affects version 0 of the product, with no patches currently available. The CVSS v3.1 base score of 9.8 reflects the critical nature of this flaw, with attack vector being network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits have been reported yet, the severity and ease of exploitation make this a high-priority threat. FlyCASS CASS and KCM systems are typically used in aviation security environments for cockpit access control, making the impact of compromise potentially severe in terms of operational safety and security. The vulnerability was published on September 5, 2024, and assigned by ICS-CERT, highlighting its relevance to industrial control and critical infrastructure sectors.

Potential Impact

For European organizations, especially those in aviation, aerospace, and critical infrastructure sectors, this vulnerability poses a severe risk. Exploitation could lead to unauthorized access to sensitive cockpit access control systems, potentially allowing attackers to manipulate access permissions or disrupt operations. This could compromise flight safety, lead to data breaches of sensitive operational information, and cause significant operational downtime. The ability to execute arbitrary SQL commands without authentication means attackers can exfiltrate confidential data, alter system configurations, or launch denial-of-service attacks, impacting availability. Given the strategic importance of aviation hubs in Europe, such as Frankfurt, Paris, Amsterdam, and London, the disruption of cockpit access systems could have cascading effects on air traffic management and security. Additionally, regulatory compliance risks arise from potential breaches of GDPR and aviation security regulations. The lack of available patches increases the urgency for organizations to implement interim mitigations to protect their systems.

Mitigation Recommendations

1. Immediately implement strict input validation and sanitization on all user inputs interacting with SQL queries within FlyCASS CASS and KCM systems, employing parameterized queries or prepared statements where possible.
2. Apply network segmentation to isolate FlyCASS systems from general enterprise networks and restrict access to trusted management hosts only.
3. Deploy Web Application Firewalls (WAFs) or database activity monitoring solutions configured to detect and block SQL Injection patterns targeting these systems.
4. Monitor logs for unusual or anomalous database queries indicative of injection attempts, and establish alerting mechanisms for suspicious activities.
5. Coordinate with the FlyCASS vendor for any forthcoming patches or security advisories and plan for rapid deployment once available.
6. Conduct penetration testing and vulnerability assessments focused on SQL Injection vectors in these systems.
7. Limit database user privileges to the minimum necessary to reduce the impact of a successful injection.
8. Educate security teams and system administrators about this vulnerability and ensure incident response plans include scenarios involving SQL Injection attacks on critical access control systems.


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2024-09-03T16:28:03.405Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6925be8c5b1d823317eaa231

Added to database: 11/25/2025, 2:34:52 PM

Last enriched: 12/2/2025, 2:51:29 PM

Last updated: 12/4/2025, 10:17:38 PM

