Intrusion Prevention



This indicates an attack attempt against a Command Injection vulnerability in Schneider Electric U.motion Builder.
The vulnerability is due to insufficient validation of user supplied inputs. A remote attacker can exploit this by sending a crafted query to execute SQL commands on a vulnerable server.

Affected Products

Schneider Electric U.motion Builder 1.3.4 and prior


System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

CVE References

CVE-2017-7973 CVE-2018-7841