Schneider-electric U.motion Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric U.motion Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2017-7973 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated…
CVE-2017-7974 — CVSS 9.8 (critical): A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in…
CVE-2017-9957 — CVSS 9.8 (critical): A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a…
CVE-2018-7785 — CVSS 9.8 (critical): In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
CVE-2018-7772 — CVSS 8.8 (high): The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software…
CVE-2018-7777 — CVSS 8.8 (high): The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion…
CVE-2018-7774 — CVSS 8.8 (high): The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The…
CVE-2018-7773 — CVSS 8.8 (high): The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The…
CVE-2018-7765 — CVSS 8.8 (high): The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to…
CVE-2018-7766 — CVSS 8.8 (high): The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4…
CVE-2018-7767 — CVSS 8.8 (high): The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The…
CVE-2018-7768 — CVSS 8.8 (high): The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4…
CVE-2018-7769 — CVSS 8.8 (high): The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The…
CVE-2018-7771 — CVSS 8.0 (high): The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A…
CVE-2017-9958 — CVSS 7.8 (high): An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an…
CVE-2017-9956 — CVSS 7.3 (high): An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the…
CVE-2018-7786 — CVSS 6.1 (medium): In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could…
CVE-2017-9959 — CVSS 5.5 (medium): A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in…
CVE-2018-7787 — CVSS 5.3 (medium): In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of…
CVE-2017-9960 — CVSS 5.3 (medium): An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the…
CVE-2018-7764 — CVSS 4.3 (medium): The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a…
CVE-2018-7776 — CVSS 4.3 (medium): The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is…
CVE-2018-7763 — CVSS 4.3 (medium): The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter…