Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric u.motion builder vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-9958
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an malicious user to execute arbitrary code under the context of root.
Schneider-electric U.motion Builder
9.8
CVSSv3
CVE-2017-7973
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
Schneider-electric U.motion Builder
9.8
CVSSv3
CVE-2017-7974
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
Schneider-electric U.motion Builder
7.3
CVSSv3
CVE-2017-9956
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in aut...
Schneider-electric U.motion Builder
5.5
CVSSv3
CVE-2017-9959
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.
Schneider-electric U.motion Builder
5.3
CVSSv3
CVE-2017-9960
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.
Schneider-electric U.motion Builder
9.8
CVSSv3
CVE-2017-9957
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.
Schneider-electric U.motion Builder
4.3
CVSSv3
CVE-2018-7764
The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.
Schneider-electric U.motion Builder
8.8
CVSSv3
CVE-2018-7766
The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.
Schneider-electric U.motion Builder
8.8
CVSSv3
CVE-2018-7767
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.
Schneider-electric U.motion Builder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »