CRITICAL🇵🇱 Wersja polska

CVE-2017-7974

CVSS 9.8v3.0pub. 2017-09-26upd. 2026-05-13

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric U.motion Builder

    APP
    Schneider-Electric
    ≤ 1.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2018-7841CRITICAL9.8⚠ KEVten sam produkt

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...

CVE-2018-7785CRITICAL9.8ten sam produkt

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows au...

CVE-2017-9957CRITICAL9.8ten sam produkt

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the...

CVE-2017-7973CRITICAL9.8ten sam produkt

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prio...

CVE-2018-7765HIGH8.8ten sam produkt

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder s...