Vulnerabilities > Schneider Electric > U Motion Builder > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-22 | CVE-2018-7841 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.3.4 A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. | 7.5 |
| 2018-07-03 | CVE-2018-7785 | Command Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | 7.5 |
| 2017-09-26 | CVE-2017-9958 | Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | 7.2 |
| 2017-09-26 | CVE-2017-9957 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. | 7.5 |
| 2017-09-26 | CVE-2017-9956 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. | 7.5 |
| 2017-09-26 | CVE-2017-7974 | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | 7.5 |
| 2017-09-26 | CVE-2017-7973 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | 7.5 |