SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.
https://www.cisa.gov/news-events/ics-advisories/icsa-14-135-01