SQL Injection Vulnerability in EcoStruxure Operator Terminal Expert by Schneider Electric
CVE-2020-7493

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Operator Terminal Expert 3.1 Service Pack 1 And Prior (formerly Known As Vijeo Xd)
Vendor: CVE Published:; 16 June 2020

Summary

A vulnerability exists in EcoStruxure Operator Terminal Expert that allows for improper handling of special elements within SQL commands. This could lead to execution of malicious code when a project file is opened, potentially exposing sensitive information and compromising system integrity. Affected users are advised to update to the latest version to mitigate the risk associated with these vulnerabilities.

Affected Version(s)

EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)

References

https://www.se.com/ww/en/download/document/SEVD-2020-133-04

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Jan 21, 2020