Multiple vulnerabilities in Schneider Electric U.motion Builder
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-7973 CVE-2017-7974 CVE-2017-9956 CVE-2017-9957 CVE-2017-9958 CVE-2017-9959 CVE-2017-9960 |
| CWE-ID | CWE-89 CWE-22 CWE-287 CWE-259 CWE-284 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
U.motion Builder Universal components / Libraries / Software for developers |
| Vendor | Schneider Electric |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) SQL injection
EUVDB-ID: #VU7261
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7973
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL commands in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can use calls to various paths in order to perform arbitrary SQL statements and execute arbitrary SQL commands.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over vulnerable database.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsU.motion Builder: 1.0.1 - 1.2.1
CPE2.3- cpe:2.3:a:schneider_electric:umotion_builder:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:umotion_builder:1.2.1:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU7262
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-7974
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to path traversal. A remote attacker can execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsU.motion Builder: 1.0.1 - 1.2.1
CPE2.3- cpe:2.3:a:schneider_electric:umotion_builder:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:umotion_builder:1.2.1:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Authentication bypass
EUVDB-ID: #VU7263
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-9956
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to hard-coded valid session. A remote attacker can use that session ID as part of the HTTP cookie of a web request and bypass authentication and gain unauthorized access to the system.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsU.motion Builder: 1.0.1 - 1.2.1
CPE2.3- cpe:2.3:a:schneider_electric:umotion_builder:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:umotion_builder:1.2.1:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Authentication bypass
EUVDB-ID: #VU7264
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-9957
CWE-ID:
CWE-259 - Use of Hard-coded Password
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to use of hard-coded password. A remote attacker can bypass authentication and gain unauthorized access to the system.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsU.motion Builder: 1.0.1 - 1.2.1
CPE2.3- cpe:2.3:a:schneider_electric:umotion_builder:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:umotion_builder:1.2.1:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Arbitrary code execution
EUVDB-ID: #VU7265
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-9958
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper handling of the system configuration. A local attacker can execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsU.motion Builder: 1.0.1 - 1.2.1
CPE2.3- cpe:2.3:a:schneider_electric:umotion_builder:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:umotion_builder:1.2.1:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Denial of service
EUVDB-ID: #VU7266
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-9959
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to improper access control. A local attacker can cause reboot of session.
Successful exploitation of the vulnerability results in denial of service.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsU.motion Builder: 1.0.1 - 1.2.1
CPE2.3- cpe:2.3:a:schneider_electric:umotion_builder:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:umotion_builder:1.2.1:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU7267
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-9960
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to system returns more information than should be passed. A remote attacker can read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsU.motion Builder: 1.0.1 - 1.2.1
CPE2.3- cpe:2.3:a:schneider_electric:umotion_builder:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:umotion_builder:1.2.1:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
