CNVD-2017-09471 — Vulnetix

CNVD-2017-09471 PUBLISHED

此漏洞允许远程攻击者在施耐德电气U.motion Builder的易受攻击的安装上执行任意代码。不需要验证来利用此漏洞。 Schneider Electric U.motion Builder track_getdata存在远程代码执行漏洞。底层SQLite数据库查询需要对id输入参数进行SQL注入。远程攻击者可以利用漏洞对数据库执行任意命令。

Affected Products

Vendor	Product	Versions
	Schneider Electric U.motion Builder

Timeline

Jun 14, 2017 CVE ID Reserved
Jun 14, 2017 CVE Published

References

http://www.zerodayinitiative.com/advisories/ZDI-17-382/ url

Open in Interactive Console →