CVE-2017-7973

CWE-89 ā€” SQL Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.3%
top 43.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric U.motion BuilderSchneider Electric SE U.motion
Timeline
PublishedSep 26
Latest updateMay 17

Description

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

ā–¶CVEListV5schneider_electric_se/u.motionU.motion Builder Versions 1.2.1 and prior.

šŸ”“Vulnerability Details

3
GHSA
GHSA-8xpm-cgfj-j3pr: A SQL injection vulnerability exists in Schneider Electric's Uā†—2022-05-17
ā–¶
CVEList
CVE-2017-7973: A SQL injection vulnerability exists in Schneider Electric's Uā†—2017-09-25
ā–¶
VulnCheck
Schneider Electric u.motion_builder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')ā†—2017
ā–¶
CVE-2017-7973 (CRITICAL CVSS 9.8) | A SQL injection vulnerability exist | cvebase.io