Schneider Electric U.motion Builder up to 1.2.1 path traversal

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Schneider Electric U.motion Builder up to 1.2.1 (Automation Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082002901/14/2021VulD...cvss2_nvd_basescore7.5nist.gov01/14/2021accepted90
1082002801/14/2021VulD...person_namergod working with Trend Micro???s Zero Day Initiative.securityfocus.com01/14/2021accepted70
714014311/19/2019VulD...confirm_urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/schneider-electric.com11/19/2019accepted100
714014211/19/2019VulD...company_nameZero Day Initiative11/19/2019accepted100
714010011/19/2019VulD...discoverydate149869440011/19/2019accepted100
714016209/26/2017VulD...cvss3_nvd_basescore9.8nist.gov09/26/2017accepted90
714016109/26/2017VulD...0day_days8809/26/2017accepted90
714016009/26/2017VulD...cvss3_vuldb_rcX09/26/2017accepted90
714015909/26/2017VulD...cvss3_vuldb_rlX09/26/2017accepted90
714015809/26/2017VulD...cvss3_vuldb_eX09/26/2017accepted90
714015709/26/2017VulD...cvss2_vuldb_rcND09/26/2017accepted90
714015609/26/2017VulD...cvss2_vuldb_rlND09/26/2017accepted90
714015509/26/2017VulD...cvss2_vuldb_eND09/26/2017accepted90
714015409/26/2017VulD...locationWebsite09/26/2017accepted90
714015309/26/2017VulD...seealso107142 107144 107145 107146 107147 10714809/26/2017accepted100
714015209/26/2017VulD...securityfocus_titleSchneider Electric U.motion Builder Multiple Security Vulnerabilitiessecurityfocus.com09/26/2017accepted100
714015109/26/2017VulD...securityfocus_classUnknownsecurityfocus.com09/26/2017accepted100
714015009/26/2017VulD...securityfocus_date1498780800 (06/30/2017)securityfocus.com09/26/2017accepted100
714014909/26/2017VulD...securityfocus99344securityfocus.com09/26/2017accepted100
714014809/26/2017VulD...cve_nvd_summaryA path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.mitre.org09/26/2017accepted100

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!