CVE-2017-9959

{"id": "CVE-2017-9959", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-09-26T01:29:03.927", "references": [{"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "http://www.securityfocus.com/bid/99344", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cybersecurity@se.com"}, {"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/99344", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition."}, {"lang": "es", "value": "Existe una vulnerabilidad en las versiones 1.2.1 y anteriores del software de U.motion Builder de Schneider Electric en la que el sistema acepta el reinicio en una sesi\u00f3n por usuarios no autenticados, permitiendo que se realice una denegaci\u00f3n de servicio."}], "lastModified": "2024-11-21T03:37:15.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "849D3761-51AA-4820-B995-BBB065B8086B", "versionEndIncluding": "1.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}