U.motion Builder Security Vulnerabilities and Issues — U.motion Builder CVE List

Lucene search

Schneider-electricU.motion Builder

10 matches found

CVE•added 2018/07/03 2:29 p.m.•79 views

CVE-2018-7777

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.

8.8CVSS8.3AI score0.08619EPSS

CVE•added 2018/07/03 2:29 p.m.•75 views

CVE-2018-7765

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.

8.8CVSS9.4AI score0.00231EPSS

CVE•added 2018/07/03 2:29 p.m.•43 views

CVE-2018-7766

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

8.8CVSS8.8AI score0.00346EPSS

CVE•added 2018/07/03 2:29 p.m.•43 views

CVE-2018-7771

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree.

8CVSS7.6AI score0.00483EPSS

CVE•added 2018/07/03 2:29 p.m.•43 views

CVE-2018-7774

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.

8.8CVSS8.8AI score0.00346EPSS

CVE•added 2018/07/03 2:29 p.m.•42 views

CVE-2018-7772

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, ...

8.8CVSS8.8AI score0.00346EPSS

CVE•added 2018/07/03 2:29 p.m.•41 views

CVE-2018-7767

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.

8.8CVSS8.8AI score0.00346EPSS

CVE•added 2018/07/03 2:29 p.m.•41 views

CVE-2018-7768

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.

8.8CVSS8.8AI score0.00346EPSS

CVE•added 2018/07/03 2:29 p.m.•40 views

CVE-2018-7769

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

8.8CVSS8.8AI score0.00346EPSS

CVE•added 2018/07/03 2:29 p.m.•37 views

CVE-2018-7773

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.

8.8CVSS8.8AI score0.00346EPSS