schneider-electric u-motion-builder CVE-2018-7772 is a vulnerability in Schneider Electric U Motion Builder
Published on July 3, 2018

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.

NVD


Products Associated with CVE-2018-7772

Want to know whenever a new CVE is published for Schneider Electric U Motion Builder? stack.watch will email you.

Schneider Electric U Motion Builder
 

Affected Versions

Schneider Electric SE U.Motion Version U.motion Builder Software, all versions prior to v1.3.4 is affected by CVE-2018-7772

Exploit Probability

EPSS
0.33%
Percentile
55.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.