Schneider Electric Se U.Motion Builder vulnerabilities
4 known vulnerabilities affecting schneider_electric_se/u.motion_builder.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-7784CRITICALCVSS 9.8vU.motion Builder, all versions prior to 1.3.42018-07-03
CVE-2018-7784 [CRITICAL] CWE-20 CVE-2018-7784: In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when t
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.
cvelistv5nvd
CVE-2018-7785CRITICALCVSS 9.8vU.motion Builder, all versions prior to 1.3.42018-07-03
CVE-2018-7785 [CRITICAL] CWE-77 CVE-2018-7785: In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
cvelistv5nvd
CVE-2018-7787MEDIUMCVSS 5.3vU.motion Builder, all versions prior to 1.3.42018-07-03
CVE-2018-7787 [MEDIUM] CWE-20 CVE-2018-7787: In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.
cvelistv5nvd
CVE-2018-7786MEDIUMCVSS 6.1vU.motion Builder, all versions prior to 1.3.42018-07-03
CVE-2018-7786 [MEDIUM] CWE-79 CVE-2018-7786: In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XS
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.
cvelistv5nvd