SB2018041010 - Multiple vulnerabilities in Schneider U.motion Builder




Published: April 10, 2018
Updated: March 30, 2023

Security Bulletin ID: SB2018041010
Severity: High
Patch available: YES
Number of vulnerabilities: 16
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 6%, Medium 6%, Low 88%

Description

This security bulletin contains information about 16 security vulnerabilities.


1) Path traversal (CVE-ID: CVE-2018-7763)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal within css.inc.php. A remote attacker can conduct a directory traversal attack and gain access to arbitrary data.

2) Path traversal (CVE-ID: CVE-2018-7764)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal in the processing of the 's' parameter of the applet. A remote attacker can conduct a directory traversal attack and gain access to arbitrary data.

3) SQL injection (CVE-ID: CVE-2018-7765)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of track_import_export.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted object_id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.


4) SQL injection (CVE-ID: CVE-2018-7766)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of track_getdata.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.


5) SQL injection (CVE-ID: CVE-2018-7767)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of editobject.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted type id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.


6) SQL injection (CVE-ID: CVE-2018-7768)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of loadtemplate.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted tpl input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.


7) SQL injection (CVE-ID: CVE-2018-7769)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of xmlserver.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.


8) SQL injection (CVE-ID: CVE-2018-7772)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of applets that are exposed on the web service due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted loginSeed parameter, which can be embedded in the HTTP cookie of the request, to the vulnerable script and execute arbitrary SQL commands in the web application database.


9) SQL injection (CVE-ID: CVE-2018-7773)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of nfcserver.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted sessionid input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.


10) SQL injection (CVE-ID: CVE-2018-7774)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists in the processing of localize.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted username input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.


11) Path traversal (CVE-ID: CVE-2018-7770)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal in the processing of sendmail.php. A remote attacker can select arbitrary files to send to an arbitrary email address.

12) Security restrictions bypass (CVE-ID: CVE-2018-7771)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to path traversal in the processing of editscript.php. A remote attacker can write arbitrary PHP files anywhere in the web service directory tree.

13) Path traversal (CVE-ID: CVE-2018-7775)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal in the processing of externalframe.php. A remote attacker can conduct a directory traversal attack and obtain exception information that contains sensitive path information.

14) Information disclosure (CVE-ID: CVE-2018-7776)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the processing of error.php. A remote attacker can obtain system information that contains sensitive data.

15) Improper input validation (CVE-ID: CVE-2018-7777)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to insufficient handling of the update_file request parameter in update_module.php. A remote attacker can send a specially crafted request to the target server and execute arbitrary code.

16) Insecure library loading (CVE-ID: CVE-2017-7494)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the vulnerable server.

The vulnerability exists due to an insecure library loading mechanism when processing files on file shares. A remote attacker with the ability to upload a file to an SMB share can upload and execute an arbitrary shared library on the server with the privileges of the Samba process.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Remediation

Install the update from the vendor's website.
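
As a complement to patching, one way to review web server access logs for requests that touch the scripts and parameters named in this bulletin (an added example, not code from the vendor or from this bulletin). The /app/ URL prefix, the traversal parameter name, the log lines and the matching heuristics are assumptions constructed for illustration; editobject.php is left out because its parameter name is not given unambiguously, and values sent in POST bodies or cookies (such as loginSeed) do not appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# SQL injection entries: script -> parameter named in the bulletin.
SQLI_PARAMS = {
    "track_import_export.php": "object_id", "track_getdata.php": "id",
    "loadtemplate.php": "tpl", "xmlserver.php": "id",
    "nfcserver.php": "sessionid", "localize.php": "username",
}
# Path traversal entries: the bulletin names the scripts but no parameter.
TRAVERSAL_SCRIPTS = {"css.inc.php", "sendmail.php", "editscript.php",
                     "externalframe.php"}

# Heuristics (assumptions; tune them for your environment).
SQL_META = re.compile(r"""['";]|--|/\*|\b(?:union|select|sleep)\b""", re.I)
TRAVERSAL = re.compile(r"\.\.[\\/]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def triage(lines):
    """Return (line_no, script, reason) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # no parseable request line
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again catches double encoding.
            value = unquote(value)
            if SQLI_PARAMS.get(script) == key and SQL_META.search(value):
                findings.append((n, script, "sqli-pattern in " + key))
            if script in TRAVERSAL_SCRIPTS and TRAVERSAL.search(value):
                findings.append((n, script, "traversal-pattern in " + key))
    return findings

# Constructed sample log lines (combined log format, made-up paths and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2018:10:00:01 +0000] "GET /app/track_getdata.php?id=42 HTTP/1.1" 200 512',
    '192.0.2.77 - - [10/Apr/2018:10:00:05 +0000] "GET /app/track_getdata.php?id=42%27%20OR%20%271 HTTP/1.1" 200 9120',
    '192.0.2.77 - - [10/Apr/2018:10:00:09 +0000] "GET /app/externalframe.php?page=..%2f..%2fx HTTP/1.1" 500 310',
    '192.0.2.10 - - [10/Apr/2018:10:00:12 +0000] "GET /app/localize.php?username=alice HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for review, not proof of compromise; correlate it with response sizes, status codes and the patch date of the host.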