CVE-2017-9958
First published: Mon Sep 25 2017(Updated: )
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric U.motion Builder | <=1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9958?
CVE-2017-9958 is classified as a critical vulnerability due to the potential for arbitrary code execution under root privileges.
How do I fix CVE-2017-9958?
To remediate CVE-2017-9958, upgrade to Schneider Electric's U.motion Builder software version 1.2.2 or later.
What software versions are affected by CVE-2017-9958?
CVE-2017-9958 affects Schneider Electric's U.motion Builder software versions 1.2.1 and earlier.
Can CVE-2017-9958 lead to data breaches?
Yes, CVE-2017-9958 could potentially lead to data breaches by allowing attackers to execute arbitrary code.
Is CVE-2017-9958 easy to exploit?
CVE-2017-9958 may be exploited easily by attackers due to improper access control handling in the software.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric u.motion builder
- version/schneider electric u.motion builder/1.2.1