nvd-json-data-feeds/CVE-2017/CVE-2017-79xx/CVE-2017-7973.json

{
  "id": "CVE-2017-7973",
  "sourceIdentifier": "cybersecurity@se.com",
  "published": "2017-09-26T01:29:03.647",
  "lastModified": "2017-09-27T20:47:19.383",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en las versiones 1.2.1 y anteriores del software de U.motion Builder de Schneider Electric en la que un usuario no autenticado puede llamar a varias rutas permitiendo que se ejecuten comandos SQL arbitrarios contra la base de data subyacente."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.2.1",
              "matchCriteriaId": "849D3761-51AA-4820-B995-BBB065B8086B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/",
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/99344",
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}