In August 2016, Navis, a provider of maritime logistics software, faced a critical SQL injection vulnerability (CVE-2016-5817) in its WebAccess platform, used by U.S. ports and 13 global port authorities and logistics operators. An ethical hacker, bRpsd, publicly disclosed a fully functional exploit without prior vendor notification, enabling remote attackers to view, modify, or delete operational logistics data in real time. While Navis responded swiftly, patching the flaw within 24 hours of disclosure, the vulnerability exposed sensitive cargo, vessel, and supply chain data, risking disruptions in global trade operations, financial fraud, or smuggling facilitation due to manipulated records. The attack vector did not involve ransomware or direct data exfiltration for extortion but posed a high operational risk to port authorities, shipping firms, and customs agencies relying on Navis WebAccess for real-time logistics coordination. The lack of advance warning amplified the threat, as adversaries could exploit the flaw before patches were deployed.
Source: https://news.softpedia.com/news/us-ports-targeted-with-zero-day-sql-injection-flaw-507566.shtml
TPRM report: https://www.rankiteo.com/company/navis
"id": "nav443092125",
"linkid": "navis",
"type": "Vulnerability",
"date": "8/2016",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '13+ port authorities and '
'logistics operators worldwide',
'industry': 'logistics/transportation',
'location': 'Global (HQ in Oakland, California, USA)',
'name': 'Navis (software vendor)',
'type': 'technology provider'},
{'industry': 'logistics/transportation',
'location': 'United States',
'name': 'U.S. Ports (multiple)',
'type': 'government/port authority'},
{'industry': 'logistics/transportation',
'location': 'Worldwide',
'name': 'Global Port Authorities (13+ organizations)',
'type': ['port authority', 'logistics operator']}],
'attack_vector': 'SQL injection (CVE-2016-5817)',
'customer_advisories': ['Port authorities and logistics operators were '
'notified to apply patches.'],
'data_breach': {'data_exfiltration': ['possible (view/modify/delete '
'capabilities)'],
'sensitivity_of_data': ['operational',
'potentially confidential logistics '
'information'],
'type_of_data_compromised': ['operational logistics data',
'database records']},
'date_detected': '2016-08-08',
'date_publicly_disclosed': '2016-08-08',
'date_resolved': '2016-08-10',
'description': 'In August 2016, U.S. ports and 13 organizations’ port '
'authorities and logistics operators worldwide using Navis '
'WebAccess were hit by a SQL injection attack. The hacker, an '
"ethical hacker known as 'bRpsd', released a fully working "
'exploit online without notifying the vendor in advance. The '
'vulnerability (CVE-2016-5817) allowed remote attackers to '
'view, modify, or delete data stored in the application’s '
'database. Navis, the software vendor, was informed on August '
'9 and released custom patches on August 10, 2016.',
'impact': {'brand_reputation_impact': ['potential reputational damage to '
'Navis and affected organizations'],
'data_compromised': ['operational logistics data',
'database records'],
'operational_impact': ['potential disruption to port operations',
'data integrity risks'],
'systems_affected': ['Navis WebAccess']},
'initial_access_broker': {'entry_point': 'Navis WebAccess web application '
'(SQL injection vulnerability)',
'high_value_targets': ['port operational data',
'logistics information']},
'investigation_status': 'Resolved (patches released)',
'lessons_learned': ['Importance of responsible disclosure for critical '
'vulnerabilities in industrial control systems (ICS) and '
'operational technology (OT).',
'Rapid patch management is essential for vulnerabilities '
'in widely used logistics software to prevent supply '
'chain disruptions.',
'SQL injection remains a persistent threat even in '
'enterprise-grade applications.'],
'motivation': ['research', 'disclosure', 'proof-of-concept'],
'post_incident_analysis': {'corrective_actions': ['Navis released patches to '
'mitigate CVE-2016-5817.',
'Encouraged customers to '
'update systems '
'immediately.',
'Likely internal review of '
'secure coding practices '
'(inferred).'],
'root_causes': ['Lack of input sanitization in '
'Navis WebAccess leading to SQL '
'injection.',
'Inadequate security testing for a '
'critical logistics application.']},
'recommendations': ['Implement stricter input validation and parameterized '
'queries to prevent SQL injection.',
'Establish a coordinated vulnerability disclosure process '
'with ethical hackers.',
'Conduct regular security audits for web-based '
'applications in critical infrastructure sectors.',
'Enhance monitoring for unauthorized database access '
'attempts in logistics systems.'],
'references': [{'source': 'CVE Details - CVE-2016-5817',
'url': 'https://www.cvedetails.com/cve/CVE-2016-5817/'},
{'source': 'Security Affairs - Navis WebAccess SQL Injection',
'url': 'https://securityaffairs.co/wordpress/50000/hacking/navis-webaccess-sql-injection.html'}],
'response': {'communication_strategy': ['vendor advisory',
'public exploit disclosure by '
'researcher'],
'containment_measures': ['vendor notification (August 9, 2016)',
'public disclosure of vulnerability'],
'incident_response_plan_activated': True,
'remediation_measures': ['custom patches released by Navis '
'(August 10, 2016)']},
'stakeholder_advisories': ['Navis issued patches and advisories to affected '
'customers.'],
'threat_actor': 'bRpsd (ethical hacker)',
'title': 'Navis WebAccess SQL Injection Vulnerability (CVE-2016-5817)',
'type': ['cyberattack', 'data breach', 'vulnerability exploitation'],
'vulnerability_exploited': 'CVE-2016-5817 (Critical SQL injection in Navis '
'WebAccess)'}