CVE-2018-7841 — Schneider Electric U.motion Builder SQL Injection Vulnerability
2022-04-15 • CISA Known Exploited Vulnerability
[event] A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Schneider Electric |
| Product | U.motion Builder |
| CWE | CWE-89 |
| CVE ID | CVE-2018-7841 |
| Date Added | 2022-04-15 |
| Due Date | 2022-05-06 |
| Ransomware Campaign | Unknown |
> MITIGATION
The impacted product is end-of-life and should be disconnected if still in use.
Due Date: 2022-05-06