SAP’s February round of critical software updates includes one for SAP Manufacturing Integration and Intelligence. The software is widely used in the manufacturing industry, where it connects factory-floor systems to business applications for performance monitoring. A bug in Trex, the search engine component of SAP NetWeaver, allowed unauthorized execution of OS commands. The second-most-critical patch (with a CVSS score of 6.8) was for a SQL injection vulnerability in SAP’s UDDI server. Researchers demonstrated similar attacks against oil and gas companies at the recent Black Hat conference.
Source: https://www.csoonline.com/article/3032160/sap-slaps-patch-on-leaky-factory-software.html