Critical severity9.8NVD Advisory· Published Sep 26, 2017· Updated May 13, 2026

CVE-2017-7974

Description

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

Affected products

Schneider Electric/U.motion Builder
cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*
Range: <=1.2.1
Schneider Electric SE/U.Motionv5
Range: U.motion Builder Versions 1.2.1 and prior.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.schneider-electric.com/en/download/document/SEVD-2017-178-01/nvdVendor Advisory
www.securityfocus.com/bid/99344nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000