Schneider-electric

U.Motion Builder

24 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2017-9958

  • EPSS 0.06%
  • Published 26.09.2017 01:29:03
  • Last modified 20.04.2025 01:37:25

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of ...

9.8

CVE-2017-9957

  • EPSS 0.44%
  • Published 26.09.2017 01:29:03
  • Last modified 20.04.2025 01:37:25

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with hi...

7.5

CVE-2017-9956

  • EPSS 0.49%
  • Published 26.09.2017 01:29:03
  • Last modified 20.04.2025 01:37:25

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web ...

9.8

CVE-2017-7974

  • EPSS 7.8%
  • Published 26.09.2017 01:29:03
  • Last modified 20.04.2025 01:37:25

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.