Sign-up

ID

VAR-201807-1873


CVE

CVE-2018-7775


TITLE

Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-07820)

Trust: 0.6

sources: CNVD: CNVD-2018-07820

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. U.motion Builder is a generator product from Schneider Electric, France. An information disclosure vulnerability exists in Schneider Electric U.motion Builder externalframe.php. An attacker can exploit the vulnerability to obtain path information returned by exception information

Trust: 1.62

sources: NVD: CVE-2018-7775 // CNVD: CNVD-2018-07820 // IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1 // CNVD: CNVD-2018-07820

AFFECTED PRODUCTS

vendor:schneidermodel:electric u.motion builderscope:ltversion:1.3.4

Trust: 0.8

sources: IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1 // CNVD: CNVD-2018-07820

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-07820
value: MEDIUM

Trust: 0.6

IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-07820
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1 // CNVD: CNVD-2018-07820

TYPE

Information leakage

Trust: 0.2

sources: IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1

PATCH

title:Patch for Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-07820)url:https://www.cnvd.org.cn/patchInfo/show/125975

Trust: 0.6

sources: CNVD: CNVD-2018-07820

EXTERNAL IDS

db:NVDid:CVE-2018-7775

Trust: 1.8

db:CNVDid:CNVD-2018-07820

Trust: 0.8

db:SCHNEIDERid:SEVD-2018-095-01

Trust: 0.6

db:IVDid:E2EB67E1-39AB-11E9-95B7-000C29342CB1

Trust: 0.2

sources: IVD: e2eb67e1-39ab-11e9-95b7-000c29342cb1 // CNVD: CNVD-2018-07820 // NVD: CVE-2018-7775

REFERENCES

url:https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_id=9607472623&p_file_name=sevd-2018-095-01+u.motion.pdf&p_reference=sevd-2018-095-01

Trust: 0.6

sources: CNVD: CNVD-2018-07820

SOURCES

db:IVDid:e2eb67e1-39ab-11e9-95b7-000c29342cb1
db:CNVDid:CNVD-2018-07820
db:NVDid:CVE-2018-7775

LAST UPDATE DATE

2024-08-14T12:45:03.296000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-07820date:2018-04-18T00:00:00
db:NVDid:CVE-2018-7775date:2023-11-07T03:01:10.550

SOURCES RELEASE DATE

db:IVDid:e2eb67e1-39ab-11e9-95b7-000c29342cb1date:2018-04-18T00:00:00
db:CNVDid:CNVD-2018-07820date:2018-04-18T00:00:00
db:NVDid:CVE-2018-7775date:2018-07-03T14:29:01.070