{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T17:19:27.591","vulnerabilities":[{"cve":{"id":"CVE-2017-9956","sourceIdentifier":"cybersecurity@se.com","published":"2017-09-26T01:29:03.837","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass"},{"lang":"es","value":"Existe una vulnerabilidad de omisión de autenticación en las versiones 1.2.1 y anteriores del software de U.motion Builder de Schneider Electric en la que el sistema contiene una sesión válida embebida. Un atacante podría utilizar ese ID de sesión como parte de la cookie HTTP de una petición web, resultando en una omisión de autenticación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.1","matchCriteriaId":"849D3761-51AA-4820-B995-BBB065B8086B"}]}]}],"references":[{"url":"http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/99344","source":"cybersecurity@se.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/99344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}