Multiple vulnerabilities in Schneider U.motion Builder



Published: 2018-04-10 | Updated: 2023-03-30
Risk: High
Patch available: YES
Number of vulnerabilities: 16
CVE-ID: CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7770, CVE-2018-7771, CVE-2018-7775, CVE-2018-7776, CVE-2018-7777, CVE-2017-7494
CWE-ID: CWE-22, CWE-89, CWE-200, CWE-20, CWE-426
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #15 is available. Vulnerability #16 is being exploited in the wild.
Vulnerable software: U.motion Builder (Universal components / Libraries / Software for developers)

Vendor: Schneider Electric

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU11643

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7763

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal within css.inc.php. A remote attacker can conduct a directory traversal attack and gain access to arbitrary data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU11645

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7764

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal in the processing of the 's' parameter of the applet. A remote attacker can conduct a directory traversal attack and gain access to arbitrary data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) SQL injection

EUVDB-ID: #VU11652

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7765

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of track_import_export.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted object_id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) SQL injection

EUVDB-ID: #VU11653

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7766

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of track_getdata.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) SQL injection

EUVDB-ID: #VU11654

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7767

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of editobject.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted type id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) SQL injection

EUVDB-ID: #VU11655

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7768

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of loadtemplate.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted tpl input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) SQL injection

EUVDB-ID: #VU11656

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7769

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of xmlserver.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted id input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) SQL injection

EUVDB-ID: #VU11657

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7772

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of applets that are exposed on the web service, due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted loginSeed parameter, which can be embedded in the HTTP cookie of the request, to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) SQL injection

EUVDB-ID: #VU11658

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7773

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of nfcserver.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted sessionid input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) SQL injection

EUVDB-ID: #VU11659

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7774

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The weakness exists within the processing of localize.php due to insufficient sanitization of user-supplied data. A remote attacker can submit a specially crafted username input parameter to the vulnerable script and execute arbitrary SQL commands in the web application database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Path traversal

EUVDB-ID: #VU11660

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7770

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal within the processing of sendmail.php. A remote attacker can select arbitrary files to send to an arbitrary email address.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU11661

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7771

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to path traversal within the processing of editscript.php. A remote attacker can write arbitrary PHP files anywhere in the web service directory tree.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Path traversal

EUVDB-ID: #VU11662

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7775

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal within the processing of externalframe.php. A remote attacker can conduct directory traversal and cause exception information that contains sensitive path information to be returned.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU11663

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7776

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw within the processing of error.php. A remote attacker can cause system information that contains sensitive data to be returned.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU11664

Risk: High

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7777

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to insufficient handling of the update_file request parameter in update_module.php. A remote attacker can send a specially crafted request to the target server and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960747...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
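
Added example (not part of the original bulletin or of vendor code): a web access-log triage helper for the path traversal and SQL injection entries above that name a script, flagging requests whose query string carries traversal sequences or SQL metacharacters. The "/placeholder/" URL prefix, the parameter name "x" and the log lines are constructed; POST bodies and cookies (such as loginSeed in entry 8) do not appear in access logs and are not covered.

```python
import re
from posixpath import basename
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> (CVE, weakness, parameter) as named in the bulletin; None = any parameter.
WATCHED = {
    "css.inc.php": ("CVE-2018-7763", "traversal", None),
    "sendmail.php": ("CVE-2018-7770", "traversal", None),
    "editscript.php": ("CVE-2018-7771", "traversal", None),
    "externalframe.php": ("CVE-2018-7775", "traversal", None),
    "track_import_export.php": ("CVE-2018-7765", "sqli", "object_id"),
    "track_getdata.php": ("CVE-2018-7766", "sqli", "id"),
    "editobject.php": ("CVE-2018-7767", "sqli", None),
    "loadtemplate.php": ("CVE-2018-7768", "sqli", "tpl"),
    "xmlserver.php": ("CVE-2018-7769", "sqli", "id"),
    "nfcserver.php": ("CVE-2018-7773", "sqli", "sessionid"),
    "localize.php": ("CVE-2018-7774", "sqli", "username"),
}
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"\.\.[/\\]")
SQL_META = re.compile(r"['\";]|--|/\*|\b(union|select|sleep)\b", re.I)

def triage(lines):
    """Return (line_no, cve, reason) for each request that deserves review."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        entry = WATCHED.get(basename(unquote(url.path)).lower())
        if entry is None:
            continue
        cve, kind, param = entry
        # parse_qsl decodes once; the extra unquote catches double encoding.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = unquote(value)
            if kind == "traversal" and TRAVERSAL.search(value):
                hits.append((no, cve, f"traversal sequence in {name}"))
            elif kind == "sqli" and param in (None, name) and SQL_META.search(value):
                hits.append((no, cve, f"SQL metacharacters in {name}"))
    return hits

# Constructed sample lines; "/placeholder/" and parameter "x" are not from the bulletin.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /placeholder/track_getdata.php?id=12 HTTP/1.1" 200 310',
    '192.0.2.10 - - [01/Jan/2024:00:00:02 +0000] "GET /placeholder/track_getdata.php?id=12%27 HTTP/1.1" 500 0',
    '192.0.2.11 - - [01/Jan/2024:00:00:03 +0000] "GET /placeholder/css.inc.php?x=..%252F..%252Fplaceholder HTTP/1.1" 200 99',
    '192.0.2.12 - - [01/Jan/2024:00:00:04 +0000] "GET /placeholder/index.php?id=1%27 HTTP/1.1" 200 5',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A hit is a lead for review, not proof of exploitation; correlate it with the response status and with file changes under the web root.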

16) Insecure library loading

EUVDB-ID: #VU6676

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-7494

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the vulnerable server.

The vulnerability exists due to an insecure library loading mechanism when processing files on file shares. A remote attacker with the ability to upload a file to an SMB share can upload and execute an arbitrary shared library on the server with the privileges of the Samba process.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U.motion Builder: All versions

External links

http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9607472623&p_File_Name=SEVD-2018-095-01+U.motion.pdf&p_Reference=SEVD-2018-095-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


