CVE-2022-41671
published 2022-11-04CVE-2022-41671: A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_operator_terminal_expert | < 3.3 | 3.3 |
| schneider-electric | ecostruxure_operator_terminal_expert | — | — |
| schneider-electric | pro-face_blue | < 3.3 | 3.3 |
| schneider-electric | pro-face_blue | — | — |
| schneider_electric | ecostruxure_operator_terminal_expert | V3.3 – Hotfix 1 | — |
| schneider_electric | pro-face_blue | V3.3 – Hotfix 1 | — |