CVE-2017-9956
Schneider Electric U.motion Builder software versions 1.2.1 and prior are affected by CVE-2017-9956 due to a hard-coded valid session. An attacker can reuse that session ID in an HTTP cookie to bypass authentication and access the web interface, as described in the NVD entry. The Update A advisor...