CVE-2017-9957

Summary

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.

Affected Software

VendorProductVersion RangeStatus
Schneider Electric SEU.MotionU.motion Builder Versions 1.2.1 and prior.affected

Weaknesses

  • Use of Hardcoded Password

ADP Enrichment

CVE Program Container

Additional References

References