Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Schneider Electric U.motion Builder (Update A)

🗓️ 29 Jun 2017 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType 
ics
 ics🔗 www.cisa.gov👁 137 Views

Schneider Electric U.motion Builder (Update A) security advisory for SQL Injection, Path Traversal and more vulnerabilities in versions 1.2.1 and prior, with potential for arbitrary command execution

Related
Refs
ReporterTitlePublishedViews
Family
0day.today		Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability
15 May 201900:00
zdt
BDU FSTEC		The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in protecting the SQL query structure, allowing attackers to execute arbitrary SQL commands.
18 Aug 201700:00
bdu_fstec
BDU FSTEC		The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” relates to deficiencies in path name restriction, allowing attackers to execute arbitrary code.
18 Aug 201700:00
bdu_fstec
BDU FSTEC		The vulnerability in the `track_import_export.php` script of the U.motion builder system allows a perpetrator to execute arbitrary SQL queries against the database.
12 Apr 201800:00
bdu_fstec
Circl		CVE-2018-7765
26 Nov 202521:02
circl
CNVD		Schneider Electric U.motion Builder Directory Traversal Vulnerability
13 Apr 201800:00
cnvd
CNVD		Schneider Electric U.motion Builder Remote Code Execution Vulnerability (CNVD-2018-07819)
13 Apr 201800:00
cnvd
Check Point Advisories		Schneider Electric U.motion Builder css.inc.php Arbitrary File Inclusion (CVE-2017-7974)
19 Jun 201700:00
checkpoint_advisories
Check Point Advisories		Schneider Electric U.motion Builder loadtemplate.php SQL Injection (CVE-2017-7973)
21 Jun 201700:00
checkpoint_advisories
Check Point Advisories		Schneider Electric U.motion Builder runscript.php Directory Traversal (CVE-2017-7974)
27 Jun 201700:00
checkpoint_advisories
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Jun 2017 00:00Current
10High risk
Vulners AI Score10
CVSS 27.5
CVSS 39.8
EPSS0.04606
schneider electricu.motion builderupdate asql injectionpath traversalimproper authenticationhard-coded passwordaccess controldenial of serviceinformation disclosurearbitrary commands
137