Intrusion Prevention

Schneider.Electric.U.motion.Builder.SQL.Injection

Description

This indicates an attack attempt against a Command Injection vulnerability in Schneider Electric U.motion Builder.
The vulnerability is due to insufficient validation of user supplied inputs. A remote attacker can exploit this by sending a crafted query to execute SQL commands on a vulnerable server.

Affected Products

Schneider Electric U.motion Builder 1.3.4 and prior

Impact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

CVE References

CVE-2017-7973 CVE-2018-7841