Schneider Electric U.motion Builder up to 1.2.1 sql injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Schneider Electric U.motion Builder up to 1.2.1 (Automation Software). It has been classified as critical. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082002701/14/2021VulD...cvss2_nvd_basescore7.5nist.gov01/14/2021accepted90
1082002601/14/2021VulD...person_namergod working with Trend Micro???s Zero Day Initiative.securityfocus.com01/14/2021accepted70
714007611/19/2019VulD...confirm_urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/schneider-electric.com11/19/2019accepted100
714007511/19/2019VulD...company_nameZero Day Initiative11/19/2019accepted100
714003411/19/2019VulD...discoverydate149869440011/19/2019accepted100
714009509/26/2017VulD...cvss3_nvd_basescore9.8nist.gov09/26/2017accepted90
714009409/26/2017VulD...0day_days8809/26/2017accepted90
714009309/26/2017VulD...cvss3_vuldb_rcX09/26/2017accepted90
714009209/26/2017VulD...cvss3_vuldb_rlX09/26/2017accepted90
714009109/26/2017VulD...cvss3_vuldb_eX09/26/2017accepted90
714009009/26/2017VulD...cvss2_vuldb_rcND09/26/2017accepted90
714008909/26/2017VulD...cvss2_vuldb_rlND09/26/2017accepted90
714008809/26/2017VulD...cvss2_vuldb_eND09/26/2017accepted90
714008709/26/2017VulD...locationWebsite09/26/2017accepted90
714008609/26/2017VulD...seealso107143 107144 107145 107146 107147 10714809/26/2017accepted100
714008509/26/2017VulD...securityfocus_titleSchneider Electric U.motion Builder Multiple Security Vulnerabilitiessecurityfocus.com09/26/2017accepted100
714008409/26/2017VulD...securityfocus_classUnknownsecurityfocus.com09/26/2017accepted100
714008309/26/2017VulD...securityfocus_date1498780800 (06/30/2017)securityfocus.com09/26/2017accepted100
714008209/26/2017VulD...securityfocus99344securityfocus.com09/26/2017accepted100
714008109/26/2017VulD...cve_nvd_summaryA SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.mitre.org09/26/2017accepted100

Do you know our Splunk app?

Download it now for free!