CVE-2017-9959

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
schneider-electricu.motion_builder
𝑥
≤ 1.2.1
𝑥
= Vulnerable software versions
References
http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/
http://www.securityfocus.com/bid/99344
http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/
http://www.securityfocus.com/bid/99344