CVE-2017-7974

CWE-22Path Traversal3 documents3 sources
Severity
9.8CRITICAL
EPSS
7.8%
top 8.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric U.motion BuilderSchneider Electric SE U.motion
Timeline
PublishedSep 26
Latest updateMay 17

Description

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5schneider_electric_se/u.motionU.motion Builder Versions 1.2.1 and prior.

🔴Vulnerability Details

2
GHSA
GHSA-qxqh-f93m-86fp: A path traversal information disclosure vulnerability exists in Schneider Electric's U2022-05-17
CVEList
CVE-2017-7974: A path traversal information disclosure vulnerability exists in Schneider Electric's U2017-09-25
CVE-2017-7974 (CRITICAL CVSS 9.8) | A path traversal information disclo | cvebase.io