CVE-2017-9956

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*

Information

Published : 2017-09-25 18:29

Updated : 2017-09-27 13:45


NVD link : CVE-2017-9956

Mitre link : CVE-2017-9956


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

schneider-electric

  • u.motion_builder