SQL Injection Vulnerability in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and Prior

SQL Injection Vulnerability in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and Prior

CVE-2020-7493 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.