U.motion Builder Security Vulnerabilities and Issues — U.motion Builder CVE List

Lucene search

Schneider-electricU.motion Builder

5 matches found

CVE•added 2019/05/22 8:29 p.m.•1013 views

CVE-2018-7841

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

9.8CVSS9.8AI score0.59135EPSS

In wild

CVE•added 2017/09/26 1:29 a.m.•51 views

CVE-2017-9957

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.

9.8CVSS9.1AI score0.00443EPSS

CVE•added 2017/09/26 1:29 a.m.•47 views

CVE-2017-7974

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

9.8CVSS9.4AI score0.07797EPSS

CVE•added 2017/09/26 1:29 a.m.•46 views

CVE-2017-7973

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

9.8CVSS9.8AI score0.00336EPSS

CVE•added 2018/07/03 2:29 p.m.•40 views

CVE-2018-7785

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.

9.8CVSS9.7AI score0.14467EPSS