Critical severity9.8NVD Advisory· Published Sep 26, 2017· Updated May 13, 2026

CVE-2017-7973

Description

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

Affected products

Schneider Electric/U.motion Builder
cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*
Range: <=1.2.1
Schneider Electric SE/U.Motionv5
Range: U.motion Builder Versions 1.2.1 and prior.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.schneider-electric.com/en/download/document/SEVD-2017-178-01/nvdVendor Advisory
www.securityfocus.com/bid/99344nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000