CVE-2017-7973: SQL Injection
First published: Mon Sep 25 2017(Updated: )
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric U.motion Builder | <=1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7973?
CVE-2017-7973 is classified as a critical SQL injection vulnerability.
How do I fix CVE-2017-7973?
To address CVE-2017-7973, upgrade to Schneider Electric's U.motion Builder version 1.2.2 or later.
Who is affected by CVE-2017-7973?
CVE-2017-7973 affects users of Schneider Electric's U.motion Builder software versions 1.2.1 and earlier.
What type of attack can be executed via CVE-2017-7973?
CVE-2017-7973 allows an unauthenticated user to execute arbitrary SQL commands against the underlying database.
What software is associated with CVE-2017-7973?
CVE-2017-7973 is associated with Schneider Electric's U.motion Builder software.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric u.motion builder
- version/schneider electric u.motion builder/1.2.1