Vulnerabilities > Schneider Electric > U Motion Builder > 1.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2018-7768 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
| 2018-07-03 | CVE-2018-7767 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
| 2018-07-03 | CVE-2018-7766 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
| 2018-07-03 | CVE-2018-7765 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
| 2018-07-03 | CVE-2018-7764 | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 4.3 |
| 2018-07-03 | CVE-2018-7763 | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 4.3 |
| 2017-09-26 | CVE-2017-9960 | Information Exposure vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | 5.0 |
| 2017-09-26 | CVE-2017-9959 | Unspecified vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. | 4.9 |
| 2017-09-26 | CVE-2017-9958 | Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | 7.2 |
| 2017-09-26 | CVE-2017-9957 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. | 7.5 |