CVE-2017-7973

Summary

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

Affected Software

VendorProductVersion RangeStatus
Schneider Electric SEU.MotionU.motion Builder Versions 1.2.1 and prior.affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References