CVE-2018-7776

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 41.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric U.motion Builder Schneider Electric SE U.motion

Timeline

PublishedJul 3

Latest updateMay 14

Description

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDschneider-electric/u.motion_builder< 1.3.4

▶CVEListV5schneider_electric_se/u.motionU.motion Builder Software, all versions prior to v1.3.4

🔴Vulnerability Details

GHSA

GHSA-7mqj-7qpc-qgx8: The vulnerability exists within error↗2022-05-14

▶

CVEList

CVE-2018-7776: The vulnerability exists within error↗2018-07-03

▶