Schneider Electric U.motion Builder up to 1.2.1 Access Control Config access control

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in Schneider Electric U.motion Builder up to 1.2.1 (Automation Software). This vulnerability affects an unknown code of the component Access Control. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field09/26/2017 03:17 PM11/19/2019 05:51 PM01/14/2021 02:08 PM
securityfocus993449934499344
securityfocus_date1498780800 (06/30/2017)1498780800 (06/30/2017)1498780800 (06/30/2017)
securityfocus_classUnknownUnknownUnknown
securityfocus_titleSchneider Electric U.motion Builder Multiple Security VulnerabilitiesSchneider Electric U.motion Builder Multiple Security VulnerabilitiesSchneider Electric U.motion Builder Multiple Security Vulnerabilities
seealso107142 107143 107144 107145 107147 107148107142 107143 107144 107145 107147 107148107142 107143 107144 107145 107147 107148
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days888888
cvss3_nvd_basescore7.87.87.8
typeAutomation SoftwareAutomation SoftwareAutomation Software
vendorSchneider ElectricSchneider ElectricSchneider Electric
nameU.motion BuilderU.motion BuilderU.motion Builder
version<=1.2.1<=1.2.1<=1.2.1
componentAccess ControlAccess ControlAccess Control
input_typeConfigConfigConfig
cwe284 (privilege escalation)284 (privilege escalation)284 (privilege escalation)
risk222
cvss2_vuldb_basescore7.27.27.2
cvss2_vuldb_tempscore7.27.27.2
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_nvd_avLLL
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore7.87.87.8
cvss3_meta_tempscore7.87.87.8
cvss3_vuldb_basescore7.87.87.8
cvss3_vuldb_tempscore7.87.87.8
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1506384000 (09/26/2017)1506384000 (09/26/2017)1506384000 (09/26/2017)
urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/
viaZDI (Zero Day Initiative)ZDI (Zero Day Initiative)ZDI (Zero Day Initiative)
person_nicknamergodrgodrgod
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2017-9958CVE-2017-9958CVE-2017-9958
cve_assigned149843520014984352001498435200
cve_nvd_published150629760015062976001506297600
cve_nvd_summaryAn improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.
discoverydate14986944001498694400
company_nameZero Day InitiativeZero Day Initiative
confirm_urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/
person_namergod working with Trend Micro???s Zero Day Initiative.
cvss2_nvd_basescore7.2

Do you need the next level of professionalism?

Upgrade your account now!