Skip to main content

U Motion Builder

23 CVEs product

Monthly

CVE-2018-7787 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-7786 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS U Motion Builder
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7785 CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Command Injection U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-7777 HIGH POC THREAT This Week

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
31.8%
CVE-2018-7776 MEDIUM This Month

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-7774 HIGH This Week

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7773 HIGH This Week

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7772 HIGH This Week

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7771 HIGH This Week

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
8.0
EPSS
1.4%
CVE-2018-7769 HIGH This Week

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7768 HIGH This Week

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7767 HIGH This Week

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7766 HIGH This Week

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7765 HIGH POC This Week

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-7764 MEDIUM This Month

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-7763 MEDIUM This Month

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2017-9960 MEDIUM This Month

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-9959 MEDIUM This Month

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric U Motion Builder
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9958 HIGH This Week

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9957 CRITICAL Act Now

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9956 HIGH This Week

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-7974 CRITICAL Act Now

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Schneider Electric RCE U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2017-7973 CRITICAL Act Now

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
0.3%
EPSS 1% CVSS 5.3
MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS U Motion Builder
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Command Injection +1
NVD
EPSS 32% CVSS 8.8
HIGH POC THREAT This Week

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP +1
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
EPSS 1% CVSS 8.0
HIGH This Week

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric U Motion Builder
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric U Motion Builder
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Schneider Electric +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy