Vulnerability Details CVE-2018-7841
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.555
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
- http://seclists.org/fulldisclosure/2019/May/26
- https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02
- http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
- http://seclists.org/fulldisclosure/2019/May/26
- https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7841
Products affected by CVE-2018-7841
-
cpe:2.3:a:schneider-electric:u.motion_builder:1.3.4