(0Day) Schneider Electric U.motion Builder SOAP Request Remote SQL Command Execution Vulnerability

ID ZDI-17-387
Type zdi
Reporter rgod
Modified 2017-06-12T00:00:00
This vulnerability allows remote attackers to execute arbitrary SQL commands on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the processing of SOAP requests by the web service. The service allows SOAP requests to perform arbitrary SQL commands. An attacker can leverage this vulnerability to execute arbitrary code in the context of the database.