Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | |||||
CVE-2017-9960 | 1 Schneider-electric | 1 U.motion Builder | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | |||||
CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | |||||
CVE-2017-9959 | 1 Schneider-electric | 1 U.motion Builder | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. |