Schneider.Electric.U.motion.Builder.SQL.Injection
Description
This indicates an attack attempt against a Command Injection vulnerability in Schneider Electric U.motion Builder.
The vulnerability is due to insufficient validation of user supplied inputs. A remote attacker can exploit this by sending a crafted query to execute SQL commands on a vulnerable server.
Affected Products
Schneider Electric U.motion Builder 1.3.4 and prior
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Please refer to the vendor's website for suggested workaround.
https://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/
https://www.schneider-electric.com/en/download/document/SEVD-2019-071-02/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-13 | 14.632 | Severity:high:critical |