Schneider Electric U.motion Builder up to 1.2.1 Web Service hard-coded credentials

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in Schneider Electric U.motion Builder up to 1.2.1 (Automation Software). This affects an unknown part of the component Web Service. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082003301/14/2021VulD...cvss2_nvd_basescore7.5nist.gov01/14/2021accepted90
1082003201/14/2021VulD...person_namergod working with Trend Micro???s Zero Day Initiative.securityfocus.com01/14/2021accepted70
714027811/19/2019VulD...confirm_urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/schneider-electric.com11/19/2019accepted100
714027711/19/2019VulD...company_nameZero Day Initiative11/19/2019accepted100
714023511/19/2019VulD...discoverydate149869440011/19/2019accepted100
714029709/26/2017VulD...cvss3_nvd_basescore9.8nist.gov09/26/2017accepted90
714029609/26/2017VulD...0day_days8809/26/2017accepted90
714029509/26/2017VulD...cvss3_vuldb_rcX09/26/2017accepted90
714029409/26/2017VulD...cvss3_vuldb_rlX09/26/2017accepted90
714029309/26/2017VulD...cvss3_vuldb_eX09/26/2017accepted90
714029209/26/2017VulD...cvss2_vuldb_rcND09/26/2017accepted90
714029109/26/2017VulD...cvss2_vuldb_rlND09/26/2017accepted90
714029009/26/2017VulD...cvss2_vuldb_eND09/26/2017accepted90
714028909/26/2017VulD...locationWebsite09/26/2017accepted90
714028809/26/2017VulD...seealso107142 107143 107144 107146 107147 10714809/26/2017accepted100
714028709/26/2017VulD...securityfocus_titleSchneider Electric U.motion Builder Multiple Security Vulnerabilitiessecurityfocus.com09/26/2017accepted100
714028609/26/2017VulD...securityfocus_classUnknownsecurityfocus.com09/26/2017accepted100
714028509/26/2017VulD...securityfocus_date1498780800 (06/30/2017)securityfocus.com09/26/2017accepted100
714028409/26/2017VulD...securityfocus99344securityfocus.com09/26/2017accepted100
714028309/26/2017VulD...cve_nvd_summaryA vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.mitre.org09/26/2017accepted100

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!