CNVD-2017-09480 — Vulnetix

CNVD-2017-09480 PUBLISHED

U.motion Builder是法国施耐德电气（Schneider Electric）公司的一款生成器产品。 Schneider Electric U.motion Builder Embedded存在会话ID身份验证绕过漏洞。该应用程序具有硬编码的静态会话ID。通过在HTTP cookie中嵌入该会话ID，攻击者可以绕过应用程序的身份验证和执行功能。

Affected Products

Vendor	Product	Versions
	Schneider Electric U.motion Builder

Timeline

Jun 14, 2017 CVE ID Reserved
Jun 14, 2017 CVE Published

References

http://www.zerodayinitiative.com/advisories/ZDI-17-391/ url

Open in Interactive Console →