CVE-2017-9957

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 36.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric U.motion Builder Schneider Electric SE U.motion

Timeline

PublishedSep 26

Latest updateMay 17

Description

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDschneider-electric/u.motion_builder1.2.1

▶CVEListV5schneider_electric_se/u.motionU.motion Builder Versions 1.2.1 and prior.

🔴Vulnerability Details

GHSA

GHSA-2h3q-jf7q-6jvh: A vulnerability exists in Schneider Electric's U↗2022-05-17

▶

CVEList

CVE-2017-9957: A vulnerability exists in Schneider Electric's U↗2017-09-25

▶