Schneider-Electric U.Motion Builder vulnerabilities

CVE-2017-9958 [HIGH] CWE-732 CVE-2017-9958: An improper access control vulnerability exists in Schneider Electric's U.motion Builder software ve An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.

CVE-2017-9956 [HIGH] CWE-798 CVE-2017-9956: An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software vers An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass

CVE-2017-9960 [MEDIUM] CWE-200 CVE-2017-9960: An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software ver An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.

CVE-2017-9959 [MEDIUM] CVE-2017-9959: A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.