Information disclosure in U.motion Builder - CVE-2017-9960
Published: June 30, 2017
Vulnerability identifier: #VU7267
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9960
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
U.motion Builder
U.motion Builder
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to system returns more information than should be passed. A remote attacker can read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
The vulnerability exists due to system returns more information than should be passed. A remote attacker can read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-9960
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.