CVE-2020-7500
CRITICALSchneider Electric U.motion Servers and Touch Panels < 1.4.2 - SQL Injection
Title source: llmDescription
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-133-03/
Scores
CVSS v3
9.8
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (6)
schneider-electric/mtn6260-0310_firmware
< 1.4.2
schneider-electric/mtn6260-0315_firmware
< 1.4.2
schneider-electric/mtn6260-0410_firmware
< 1.4.2
schneider-electric/mtn6260-0415_firmware
< 1.4.2
schneider-electric/mtn6501-0001_firmware
< 1.4.2
schneider-electric/mtn6501-0002_firmware
< 1.4.2
Published
Jun 16, 2020
Tracked Since
Feb 18, 2026