Vulnerability Details CVE-2018-7841
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.391
EPSS Ranking 97.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
- http://seclists.org/fulldisclosure/2019/May/26
- https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02
- http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
- http://seclists.org/fulldisclosure/2019/May/26
- https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02
Products affected by CVE-2018-7841
-
cpe:2.3:a:schneider-electric:u.motion_builder:1.3.4