This vulnerability allows remote attackers to execute arbitrary SQL commands on vulnerable installations of Schneider Electric U.Motion Builder. Authentication is not required to exploit this vulnerability.
The specific flaw exists within processing of SOAP requests by the web service. The system allows SOAP requests to perform arbitrary SQL commands. An attacker can leverage this vulnerability to execute arbitrary code in the context of the database.