CVE-2017-9958

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 82.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric U.motion BuilderSchneider Electric SE U.motion
Timeline
PublishedSep 26
Latest updateMay 13

Description

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5schneider_electric_se/u.motionU.motion Builder Versions 1.2.1 and prior.

🔴Vulnerability Details

2
GHSA
GHSA-j3gj-x98q-mh76: An improper access control vulnerability exists in Schneider Electric's U2022-05-13
CVEList
CVE-2017-9958: An improper access control vulnerability exists in Schneider Electric's U2017-09-25
CVE-2017-9958 (HIGH CVSS 7.8) | An improper access control vulnerab | cvebase.io