Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Schneider-electric Subscribe
Filtered by product U.motion Builder
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7974 1 Schneider-electric 1 U.motion Builder 2017-09-27 7.5 HIGH 9.8 CRITICAL
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
CVE-2017-9956 1 Schneider-electric 1 U.motion Builder 2017-09-27 7.5 HIGH 7.3 HIGH
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass
CVE-2017-9957 1 Schneider-electric 1 U.motion Builder 2017-09-27 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.
CVE-2017-9960 1 Schneider-electric 1 U.motion Builder 2017-09-27 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.