Schneider Electric U.motion Builder up to 1.2.1 Request hard-coded credentials

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Schneider Electric U.motion Builder up to 1.2.1 (Automation Software). It has been rated as critical. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082003101/14/2021VulD...cvss2_nvd_basescore7.5nist.gov01/14/2021accepted90
1082003001/14/2021VulD...person_namergod working with Trend Micro???s Zero Day Initiative.securityfocus.com01/14/2021accepted70
714021011/19/2019VulD...confirm_urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/schneider-electric.com11/19/2019accepted100
714020911/19/2019VulD...company_nameZero Day Initiative11/19/2019accepted100
714016811/19/2019VulD...discoverydate149869440011/19/2019accepted100
714022909/26/2017VulD...cvss3_nvd_basescore7.3nist.gov09/26/2017accepted90
714022809/26/2017VulD...0day_days8809/26/2017accepted90
714022709/26/2017VulD...cvss3_vuldb_rcX09/26/2017accepted90
714022609/26/2017VulD...cvss3_vuldb_rlX09/26/2017accepted90
714022509/26/2017VulD...cvss3_vuldb_eX09/26/2017accepted90
714022409/26/2017VulD...cvss2_vuldb_rcND09/26/2017accepted90
714022309/26/2017VulD...cvss2_vuldb_rlND09/26/2017accepted90
714022209/26/2017VulD...cvss2_vuldb_eND09/26/2017accepted90
714022109/26/2017VulD...locationWebsite09/26/2017accepted90
714022009/26/2017VulD...seealso107142 107143 107145 107146 107147 10714809/26/2017accepted100
714021909/26/2017VulD...securityfocus_titleSchneider Electric U.motion Builder Multiple Security Vulnerabilitiessecurityfocus.com09/26/2017accepted100
714021809/26/2017VulD...securityfocus_classUnknownsecurityfocus.com09/26/2017accepted100
714021709/26/2017VulD...securityfocus_date1498780800 (06/30/2017)securityfocus.com09/26/2017accepted100
714021609/26/2017VulD...securityfocus99344securityfocus.com09/26/2017accepted100
714021509/26/2017VulD...cve_nvd_summaryAn authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypassmitre.org09/26/2017accepted100

Do you know our Splunk app?

Download it now for free!