A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric U.motion Builder
APPSchneider-Electric1.3.4
CISA KEV — detailsi
- Vendori
- Schneider Electric
- Producti
- U.motion Builder
- Added to KEVi
- April 15, 2022
- Remediation deadline (US Federal)i
- May 6, 2022(overdue)
The impacted product is end-of-life and should be disconnected if still in use.
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
Related vulnerabilities
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows au...
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prio...
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the...
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software...
The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder s...