CVE-2017-7973
N/A
N/A
Summary
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric SE | U.Motion | U.motion Builder Versions 1.2.1 and prior. | affected |
Weaknesses
- SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/
- http://www.securityfocus.com/bid/99344
References
- http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/
- http://www.securityfocus.com/bid/99344
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.