Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-7775 (GCVE-0-2018-7775)
Vulnerability from cvelistv5 – Published: 2018-07-03 14:00 – Updated: 2018-07-10 16:57
VLAI?
EPSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-07-10T16:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7775",
"datePublished": "2018-07-03T14:00:00",
"dateRejected": "2018-07-10T16:57:01",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2018-07-10T16:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage\"}]",
"id": "CVE-2018-7775",
"lastModified": "2023-11-07T03:01:10.550",
"published": "2018-07-03T14:29:01.070",
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Rejected"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-7775\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2018-07-03T14:29:01.070\",\"lastModified\":\"2023-11-07T03:01:10.550\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage\"}],\"metrics\":{},\"references\":[]}}"
}
}
VAR-201807-1873
Vulnerability from variot - Updated: 2023-12-18 11:10Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. U.motion Builder is a generator product from Schneider Electric, France. An information disclosure vulnerability exists in Schneider Electric U.motion Builder externalframe.php. An attacker can exploit the vulnerability to obtain path information returned by exception information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1873",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric u.motion builder",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider",
"version": "1.3.4"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07820"
}
]
},
"cve": "CVE-2018-7775",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07820",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-07820",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. U.motion Builder is a generator product from Schneider Electric, France. An information disclosure vulnerability exists in Schneider Electric U.motion Builder externalframe.php. An attacker can exploit the vulnerability to obtain path information returned by exception information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7775"
},
{
"db": "CNVD",
"id": "CNVD-2018-07820"
},
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7775",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2018-07820",
"trust": 0.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-095-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2EB67E1-39AB-11E9-95B7-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07820"
},
{
"db": "NVD",
"id": "CVE-2018-7775"
}
]
},
"id": "VAR-201807-1873",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07820"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07820"
}
]
},
"last_update_date": "2023-12-18T11:10:37.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-07820)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/125975"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_id=9607472623\u0026p_file_name=sevd-2018-095-01+u.motion.pdf\u0026p_reference=sevd-2018-095-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07820"
},
{
"db": "NVD",
"id": "CVE-2018-7775"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-18T00:00:00",
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07820"
},
{
"date": "2018-07-03T14:29:01.070000",
"db": "NVD",
"id": "CVE-2018-7775"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07820"
},
{
"date": "2023-11-07T03:01:10.550000",
"db": "NVD",
"id": "CVE-2018-7775"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-07820)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07820"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information leakage",
"sources": [
{
"db": "IVD",
"id": "e2eb67e1-39ab-11e9-95b7-000c29342cb1"
}
],
"trust": 0.2
}
}
FKIE_CVE-2018-7775
Vulnerability from fkie_nvd - Published: 2018-07-03 14:29 - Updated: 2023-11-07 03:01
Severity ?
Summary
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
}
],
"id": "CVE-2018-7775",
"lastModified": "2023-11-07T03:01:10.550",
"metrics": {},
"published": "2018-07-03T14:29:01.070",
"references": [],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Rejected"
}
CERTFR-2018-AVI-172
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans SCADA les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | U.motion Builder Software versions antérieures à v1.3.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "U.motion Builder Software versions ant\u00e9rieures \u00e0 v1.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7767"
},
{
"name": "CVE-2018-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7777"
},
{
"name": "CVE-2018-7766",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7766"
},
{
"name": "CVE-2017-7494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7494"
},
{
"name": "CVE-2018-7763",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7763"
},
{
"name": "CVE-2018-7764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7764"
},
{
"name": "CVE-2018-7769",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7769"
},
{
"name": "CVE-2018-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7775"
},
{
"name": "CVE-2018-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7772"
},
{
"name": "CVE-2018-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7774"
},
{
"name": "CVE-2018-7765",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7765"
},
{
"name": "CVE-2018-7770",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7770"
},
{
"name": "CVE-2018-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7771"
},
{
"name": "CVE-2018-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7773"
},
{
"name": "CVE-2018-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7776"
},
{
"name": "CVE-2018-7768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7768"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-172",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-04-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric du 05 avril 2018",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Id=9607472623\u0026p_File_Name=SEVD-2018-095-01+U.motion.pdf\u0026p_Reference=SEVD-2018-095-01"
}
]
}
CERTFR-2018-AVI-172
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans SCADA les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | U.motion Builder Software versions antérieures à v1.3.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "U.motion Builder Software versions ant\u00e9rieures \u00e0 v1.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7767"
},
{
"name": "CVE-2018-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7777"
},
{
"name": "CVE-2018-7766",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7766"
},
{
"name": "CVE-2017-7494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7494"
},
{
"name": "CVE-2018-7763",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7763"
},
{
"name": "CVE-2018-7764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7764"
},
{
"name": "CVE-2018-7769",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7769"
},
{
"name": "CVE-2018-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7775"
},
{
"name": "CVE-2018-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7772"
},
{
"name": "CVE-2018-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7774"
},
{
"name": "CVE-2018-7765",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7765"
},
{
"name": "CVE-2018-7770",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7770"
},
{
"name": "CVE-2018-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7771"
},
{
"name": "CVE-2018-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7773"
},
{
"name": "CVE-2018-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7776"
},
{
"name": "CVE-2018-7768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7768"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-172",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-04-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric du 05 avril 2018",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Id=9607472623\u0026p_File_Name=SEVD-2018-095-01+U.motion.pdf\u0026p_Reference=SEVD-2018-095-01"
}
]
}
CNVD-2018-07820
Vulnerability from cnvd - Published: 2018-04-18
VLAI Severity ?
Title
Schneider Electric U.motion Builder信息泄露漏洞(CNVD-2018-07820)
Description
U.motion Builder是法国施耐德电气(Schneider Electric)公司的一款生成器产品。
Schneider Electric U.motion Builder externalframe.php中存在信息泄露漏洞。攻击者可利用漏洞获取异常信息返回的路径信息。
Severity
中
Patch Name
Schneider Electric U.motion Builder信息泄露漏洞(CNVD-2018-07820)的补丁
Patch Description
U.motion Builder是法国施耐德电气(Schneider Electric)公司的一款生成器产品。
Schneider Electric U.motion Builder externalframe.php中存在信息泄露漏洞。攻击者可利用漏洞获取异常信息返回的路径信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可联系供应商获得补丁信息: https://www.schneider-electric.com/en/download/document/SE_UMOTION_BUILDER/
Reference
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9607472623&p_File_Name=SEVD-2018-095-01+U.motion.pdf&p_Reference=SEVD-2018-095-01
Impacted products
| Name | Schneider Electric U.motion Builder <1.3.4 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-7775"
}
},
"description": "U.motion Builder\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u751f\u6210\u5668\u4ea7\u54c1\u3002 \r\n\r\nSchneider Electric U.motion Builder externalframe.php\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u5f02\u5e38\u4fe1\u606f\u8fd4\u56de\u7684\u8def\u5f84\u4fe1\u606f\u3002",
"discovererName": "Rgod",
"formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttps://www.schneider-electric.com/en/download/document/SE_UMOTION_BUILDER/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-07820",
"openTime": "2018-04-18",
"patchDescription": "U.motion Builder\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u751f\u6210\u5668\u4ea7\u54c1\u3002 \r\n\r\nSchneider Electric U.motion Builder externalframe.php\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u5f02\u5e38\u4fe1\u606f\u8fd4\u56de\u7684\u8def\u5f84\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Schneider Electric U.motion Builder\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-07820\uff09\u7684\u8865\u4e01",
"products": {
"product": "Schneider Electric U.motion Builder \u003c1.3.4"
},
"referenceLink": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Id=9607472623\u0026p_File_Name=SEVD-2018-095-01+U.motion.pdf\u0026p_Reference=SEVD-2018-095-01",
"serverity": "\u4e2d",
"submitTime": "2018-04-13",
"title": "Schneider Electric U.motion Builder\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-07820\uff09"
}
GSD-2018-7775
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-7775",
"description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"id": "GSD-2018-7775"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-7775"
],
"details": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"id": "GSD-2018-7775",
"modified": "2023-12-13T01:22:32.933066Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7775",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…