GCVE - cpe:2.3:a:schneider_electric_se:u.motion

Approved changes feed: RSS · Atom

cpe:2.3:a:schneider_electric_se:u.motion_builder:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Schneider Electric Se (`25d1a66d-bfb8-5d1c-9a6c-4a2405fe5386`)
Product	U.Motion Builder (`b4b56ce7-4d3e-5c7d-9b3a-0845bcd0bf31`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-7787`	vulnerable	2026-06-03 14:39:07.388161	Details available In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. Published: 2018-07-03T14:00:00.000Z Updated: 2024-09-17T02:48:14.082Z Open on db.gcve.eu Reference links https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/ http://www.securityfocus.com/bid/104447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-7786`	vulnerable	2026-06-03 14:39:07.387859	Details available In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. Published: 2018-07-03T14:00:00.000Z Updated: 2024-09-17T02:06:28.904Z Open on db.gcve.eu Reference links https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/ http://www.securityfocus.com/bid/104447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-7785`	vulnerable	2026-06-03 14:39:07.387542	Details available In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. Published: 2018-07-03T14:00:00.000Z Updated: 2024-09-16T18:08:37.585Z Open on db.gcve.eu Reference links https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/ http://www.securityfocus.com/bid/104447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-7784`	vulnerable	2026-06-03 14:39:07.387158	Details available In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. Published: 2018-07-03T14:00:00.000Z Updated: 2024-09-16T19:35:35.515Z Open on db.gcve.eu Reference links https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/ http://www.securityfocus.com/bid/104447	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

U.Motion Builder

PURL mappings

Vulnerability references

Contribute