Vulnerability Description
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.
CVSS Score
5.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | U.Motion Builder | < 1.3.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104447Third Party AdvisoryVDB Entry
- https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/Vendor Advisory
- http://www.securityfocus.com/bid/104447Third Party AdvisoryVDB Entry
- https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/Vendor Advisory
FAQ
What is CVE-2018-7787?
CVE-2018-7787 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.
How severe is CVE-2018-7787?
CVE-2018-7787 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7787?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric U.Motion Builder.