{"containers": {"cna": {"affected": [{"product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)", "vendor": "n/a", "versions": [{"status": "affected", "version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-16T19:21:54.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2020-7500", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)", "version": {"version_data": [{"version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.594Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2020-7500", "datePublished": "2020-06-16T19:21:54.000Z", "dateReserved": "2020-01-21T00:00:00.000Z", "dateUpdated": "2024-08-04T09:33:19.594Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0B3DF18-FE18-4465-8223-8AF2B286746D", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*", "matchCriteriaId": "22E79A6F-C946-43A7-B492-7F3F8CFB18CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF40C8EB-9735-43D5-A947-087EFE6AF6F8", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B17C76A-749C-44DA-8144-51E4328C4768", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB0811DB-2E4D-4A14-8F87-2C24189D352A", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D91BDED-9BCF-473A-AB1B-824AA1EDE586", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E369B5A4-1F69-48C1-8C07-0E7C61683EDA", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*", "matchCriteriaId": "436B2EB8-6D93-41FF-BD6E-932D69C4E197", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0176D45B-9007-4558-8D72-B56454EB9733", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*", "matchCriteriaId": "F046097B-B818-4775-A53D-B22F258CB255", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DD21D34-FBBD-4645-8C60-42825281D0FE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."}, {"lang": "es", "value": "Una CWE-89: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de Elementos Especiales utilizados en un Comando SQL (\"SQL Injection'') en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\u00f3n de seguridad) lo cual podr\u00edan causar una ejecuci\u00f3n de c\u00f3digo arbitraria cuando un comando malicioso es ingresado"}], "id": "CVE-2020-7500", "lastModified": "2024-11-21T05:37:16.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-16T20:15:14.863", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}