Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9958 | 1 Schneider-electric | 1 U.motion Builder | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | |||||
CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | |||||
CVE-2017-9959 | 1 Schneider-electric | 1 U.motion Builder | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. | |||||
CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. |