📄 Description (English)
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
A critical SQL injection vulnerability exists in Streamax Crocus 1.3.44 affecting the /DevicePrint.do parameter handler. The vulnerability allows remote attackers to execute arbitrary SQL commands through the State parameter, potentially leading to unauthorized data access, modification, or deletion. With public exploit availability and no vendor patch forthcoming, immediate mitigation is essential for Saudi organizations using this fleet management system.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 6, 2026 17:55
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi transportation and logistics companies, particularly those operating fleet management systems. High-risk sectors include: (1) Saudi Aramco and energy sector logistics operations, (2) Government transportation and municipal fleet management under MODA, (3) Telecom companies (STC, Mobily, Zain) using Streamax for vehicle tracking, (4) Private logistics and delivery services, (5) Healthcare sector ambulance fleet management. The SQL injection could expose sensitive operational data, vehicle locations, driver information, and maintenance records. Given the public exploit availability and vendor non-responsiveness, exploitation risk is elevated.
🏢 Affected Saudi Sectors
Transportation & Logistics
Energy (Aramco operations)
Government (MODA, municipalities)
Telecommunications (STC, Mobily, Zain)
Healthcare (ambulance fleet management)
Private delivery services
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Streamax Crocus 1.3.44 in your environment and isolate affected systems from production networks if possible
2. Implement network segmentation to restrict access to /DevicePrint.do endpoint to authorized users only
3. Deploy Web Application Firewall (WAF) rules to block SQL injection patterns in the State parameter (block: UNION, SELECT, INSERT, UPDATE, DELETE, DROP, EXEC, SCRIPT keywords)
4. Enable comprehensive logging and monitoring of all requests to /DevicePrint.do with focus on State parameter values
5. Contact Shenzhen Ruiming Technology for emergency security updates or migration timeline
DETECTION RULES:
- Monitor for SQL keywords in State parameter: regex pattern '(UNION|SELECT|INSERT|UPDATE|DELETE|DROP|EXEC|;|--|/*|*/)'
- Alert on multiple failed database queries from application logs
- Track unusual database connection patterns or privilege escalation attempts
- Monitor for data exfiltration patterns in outbound traffic
COMPENSATING CONTROLS:
1. Implement database-level access controls: restrict application database user to minimal required permissions (read-only where possible)
2. Enable database query auditing and anomaly detection
3. Use parameterized queries/prepared statements at application level if source code access available
4. Implement input validation: whitelist allowed State parameter values
5. Deploy intrusion detection system (IDS) signatures for Streamax exploitation attempts
6. Consider upgrading to alternative fleet management solutions with active security support
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع حالات Streamax Crocus 1.3.44 في بيئتك وعزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن
2. تطبيق تقسيم الشبكة لتقييد الوصول إلى نقطة نهاية /DevicePrint.do للمستخدمين المصرح لهم فقط
3. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحجب أنماط حقن SQL في معامل State
4. تفعيل السجلات الشاملة ومراقبة جميع الطلبات إلى /DevicePrint.do مع التركيز على قيم معامل State
5. الاتصال بـ Shenzhen Ruiming Technology للحصول على تحديثات أمان طارئة أو جدول زمني للترحيل
قواعد الكشف:
- مراقبة كلمات SQL الرئيسية في معامل State
- تنبيهات على استعلامات قاعدة البيانات الفاشلة المتعددة
- تتبع أنماط اتصال قاعدة البيانات غير العادية
- مراقبة أنماط تسرب البيانات
الضوابط التعويضية:
1. تطبيق ضوابط الوصول على مستوى قاعدة البيانات
2. تفعيل تدقيق استعلامات قاعدة البيانات
3. استخدام الاستعلامات المعاملة/البيانات المحضرة
4. تطبيق التحقق من صحة الإدخال
5. نشر توقيعات نظام كشف التسلل
6. النظر في الترقية إلى حلول إدارة أسطول بديلة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements in supplier relationships
ECC 2024 A.14.2.5 - Addressing information security in supplier agreements
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.2.1 - Monitoring and management of system components
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.DS-6 - Data protection and integrity controls
DE.CM-1 - Detection and monitoring of anomalous activity
RS.MI-1 - Incident response and mitigation
🟡 ISO 27001:2022
A.12.2.1 - Monitoring and management of system components
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Information security requirements in supplier relationships
A.5.23 - Information security for supplier relationships
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 6.5.1 - Injection flaws prevention
Requirement 10.2 - Logging and monitoring of access