Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-jhfw-j77h-rvv3

Опубликовано: 06 июл. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 7.8

Описание

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Ссылки

EPSS

Процентиль: 43%
0.00208
Низкий

7.8 High

CVSS3

CVE ID

CVE-2022-41671

Дефекты

CWE-89

Связанные уязвимости

nvd логотип

CVE-2022-41671

CVSS3: 7
nvd
больше 3 лет назад

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

fstec логотип

BDU:2023-02121

CVSS3: 7
fstec
больше 3 лет назад

Уязвимость программного обеспечения для конфигурации HMI терминалов Schneider Electric EcoStruxure Operator Terminal Expert и программного обеспечения SCADA Pro-face BLUE, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 43%
0.00208
Низкий

7.8 High

CVSS3

CVE ID

CVE-2022-41671

Дефекты

CWE-89