Schneider-Electric: >> U.motion Builder Security Vulnerabilities
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-09-26
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-26
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-26
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-09-26
Page 3