CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2018-7841

CVSS 9.8v3.1pub. 2019-05-22upd. 2025-11-03

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric U.motion Builder

    APP
    Schneider-Electric
    1.3.4

CISA KEV — detailsi

Vendori
Schneider Electric
Producti
U.motion Builder
Added to KEVi
April 15, 2022
Remediation deadline (US Federal)i
May 6, 2022(overdue)
Required action (CISA)i

The impacted product is end-of-life and should be disconnected if still in use.

CISA descriptioni

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 6 maja 2022
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2018-7785CRITICAL9.8ten sam produkt

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows au...

CVE-2017-7973CRITICAL9.8ten sam produkt

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prio...

CVE-2017-9957CRITICAL9.8ten sam produkt

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the...

CVE-2017-7974CRITICAL9.8ten sam produkt

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software...

CVE-2018-7765HIGH8.8ten sam produkt

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder s...