A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2022-284-01/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: schneider
Published: 2022-11-04T00:00:00
Updated: 2024-08-03T12:49:43.620Z
Reserved: 2022-09-27T00:00:00
Link: CVE-2022-41671
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-04T15:15:10.353
Modified: 2024-11-21T07:23:36.693
Link: CVE-2022-41671
Redhat
No data.