CVE-2020-7493

CWE-89 — SQL Injection3 documents3 sources

Severity

7.8HIGH

EPSS

0.3%

top 43.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Operator Terminal Expert

Timeline

PublishedJun 16

Latest updateMay 24

Description

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ecostruxure_operator_terminal_expert_3.1_service_pack_1_and_prior_(formerly_known_as_vijeo_xd)EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)

▶NVDschneider-electric/ecostruxure_operator_terminal_expert3.0+1

🔴Vulnerability Details

GHSA

GHSA-4vgg-42gm-vqxc: A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal E↗2022-05-24

▶

CVEList

CVE-2020-7493: A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal E↗2020-06-16

▶