Vulnerability Description
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Mtn6501-0001 Firmware | < 1.4.2 |
| Schneider-Electric | Mtn6501-0001 | - |
| Schneider-Electric | Mtn6501-0002 Firmware | < 1.4.2 |
| Schneider-Electric | Mtn6501-0002 | - |
| Schneider-Electric | Mtn6260-0410 Firmware | < 1.4.2 |
| Schneider-Electric | Mtn6260-0410 | - |
| Schneider-Electric | Mtn6260-0415 Firmware | < 1.4.2 |
| Schneider-Electric | Mtn6260-0415 | - |
| Schneider-Electric | Mtn6260-0310 Firmware | < 1.4.2 |
| Schneider-Electric | Mtn6260-0310 | - |
| Schneider-Electric | Mtn6260-0315 Firmware | < 1.4.2 |
| Schneider-Electric | Mtn6260-0315 | - |
Related Weaknesses (CWE)
References
- https://www.se.com/ww/en/download/document/SEVD-2020-133-03/ (Vendor Advisory)
FAQ
What is CVE-2020-7500?
CVE-2020-7500 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notifi...
How severe is CVE-2020-7500?
CVE-2020-7500 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7500?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Mtn6501-0001 Firmware, Schneider-Electric Mtn6501-0001, Schneider-Electric Mtn6501-0002 Firmware, Schneider-Electric Mtn6501-0002, Schneider-Electric Mtn6260-0410 Firmware.