Schneider Electric Accutech Manager 'RFManagerService' SQL Injection
Critical Nessus Plugin ID 70921
Synopsis
The remote host is affected by a SQL injection vulnerability.

Description
The remote host has a version of Schneider Electric Accutech Manager installed that is affected by a SQL injection vulnerability. By sending a specially crafted packet to 'RFManagerService' listening on port 2536, an attacker is able to authenticate to the service and then manipulate the software.

Solution
Configure the firewalls to only permit specific systems to access ports 2536 and 2537.