CVE-2017-9960

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 53.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric U.motion BuilderSchneider Electric SE U.motion
Timeline
PublishedSep 26
Latest updateMay 17

Description

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5schneider_electric_se/u.motionU.motion Builder Versions 1.2.1 and prior.

🔴Vulnerability Details

2
GHSA
GHSA-cm9x-2r77-wf8f: An information disclosure vulnerability exists in Schneider Electric's U2022-05-17
CVEList
CVE-2017-9960: An information disclosure vulnerability exists in Schneider Electric's U2017-09-25
CVE-2017-9960 (MEDIUM CVSS 5.3) | An information disclosure vulnerabi | cvebase.io