CRITICAL🇬🇧 English

CVE-2017-7974

CVSS 9.8v3.0pub. 2017-09-26upd. 2026-05-13

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric U.motion Builder

    APP
    Schneider-Electric
    ≤ 1.2.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEPath Traversal
CWE
Referencje

Powiązane podatności

CVE-2018-7841CRITICAL9.8⚠ KEVten sam produkt

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...

CVE-2018-7785CRITICAL9.8ten sam produkt

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows au...

CVE-2017-9957CRITICAL9.8ten sam produkt

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the...

CVE-2017-7973CRITICAL9.8ten sam produkt

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prio...

CVE-2018-7765HIGH8.8ten sam produkt

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder s...