← back
CVE-2017-7973

CVE-2017-7973

EPSS 1.5%
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
Affected products
Schneider Electric SE · U.Motion

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/http://www.securityfocus.com/bid/99344