High severity7.8NVD Advisory· Published Sep 26, 2017· Updated May 13, 2026

CVE-2017-9958

Description

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.

Affected products

Schneider Electric/U.motion Builder
cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*
Range: <=1.2.1
Schneider Electric SE/U.Motionv5
Range: U.motion Builder Versions 1.2.1 and prior.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.schneider-electric.com/en/download/document/SEVD-2017-178-01/nvdVendor Advisory
www.securityfocus.com/bid/99344nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000