CVE-2017-9958

Published: Sep 26, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.

Affected (1)

Products: Schneider Electric: U.motion Builder

Schneider Electric

1 product

U.motion Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric U.motion Builder	Up to 1.2.1

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/

Source: cybersecurity@se.com

Vendor Advisory

http://www.securityfocus.com/bid/99344

Source: cybersecurity@se.com

Third Party AdvisoryVDB Entry

http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/99344

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.