SQL Injection Vulnerability in U.motion Servers and Touch Panels by Schneider Electric
CVE-2020-7500

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: U.motion Servers And Touch Panels (affected Versions Listed In The Security Notification)
Vendor: CVE Published:; 16 June 2020

Summary

A vulnerability in U.motion Servers and Touch Panels allows for SQL Injection attacks, potentially enabling an attacker to execute arbitrary commands. This vulnerability arises from improper handling of special elements in SQL commands, making it crucial for users to apply the recommended security updates and patches to safeguard their systems against exploitation.

Affected Version(s)

U.motion Servers and Touch Panels (affected listed in the security notification) U.motion Servers and Touch Panels (affected versions listed in the security notification)

References

https://www.se.com/ww/en/download/document/SEVD-2020-133-03/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Jan 21, 2020