Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for U.motion Builder by Schneider Electric SE

    CVE-2018-7787 (GCVE-0-2018-7787)

    Vulnerability from nvd – Published: 2018-07-03 14:00 – Updated: 2024-09-17 02:48
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.
    Severity
    No CVSS data available.
    CWE
    • Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7787",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:48:14.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7786 (GCVE-0-2018-7786)

    Vulnerability from nvd – Published: 2018-07-03 14:00 – Updated: 2024-09-17 02:06
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.722Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7786",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:28.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7785 (GCVE-0-2018-7785)

    Vulnerability from nvd – Published: 2018-07-03 14:00 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
    Severity
    No CVSS data available.
    CWE
    • Remote Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.642Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7785",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7785",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:37.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7784 (GCVE-0-2018-7784)

    Vulnerability from nvd – Published: 2018-07-03 14:00 – Updated: 2024-09-16 19:35
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.
    Severity
    No CVSS data available.
    CWE
    • Print Format Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Print Format Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7784",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Print Format Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7784",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:35:35.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7785 (GCVE-0-2018-7785)

    Vulnerability from cvelistv5 – Published: 2018-07-03 14:00 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
    Severity
    No CVSS data available.
    CWE
    • Remote Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.642Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7785",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7785",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:37.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7787 (GCVE-0-2018-7787)

    Vulnerability from cvelistv5 – Published: 2018-07-03 14:00 – Updated: 2024-09-17 02:48
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.
    Severity
    No CVSS data available.
    CWE
    • Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7787",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:48:14.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7786 (GCVE-0-2018-7786)

    Vulnerability from cvelistv5 – Published: 2018-07-03 14:00 – Updated: 2024-09-17 02:06
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.722Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7786",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:28.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7784 (GCVE-0-2018-7784)

    Vulnerability from cvelistv5 – Published: 2018-07-03 14:00 – Updated: 2024-09-16 19:35
    VLAI
    Summary
    In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.
    Severity
    No CVSS data available.
    CWE
    • Print Format Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE U.motion Builder Affected: U.motion Builder, all versions prior to 1.3.4
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
              },
              {
                "name": "104447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "U.motion Builder",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "U.motion Builder, all versions prior to 1.3.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Print Format Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-04T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
            },
            {
              "name": "104447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-7784",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "U.motion Builder",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "U.motion Builder, all versions prior to 1.3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Print Format Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
                },
                {
                  "name": "104447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7784",
        "datePublished": "2018-07-03T14:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:35:35.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }