CVE-2018-7841 — Schneider Electric U.motion Builder

Schneider Electric U.motion Builder SQL Injection Vulnerability

Added to KEV

2022-04-15

Federal due date

2022-05-06

Vendor

Schneider Electric

Product

U.motion Builder

EPSS

98.1th percentile (score 0.547, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2018-7841

CISA short description

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Required action

The impacted product is end-of-life and should be disconnected if still in use.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.