Schneider Electric Fixes Vulnerability in U.motion Builder

Schneider Electric recently fixed four vulnerabilities in U.motion Builder software, including two serious command execution vulnerabilities. Both Schneider and ICS-CERT have issued security bulletins, and versions before U.motion Builder 1.3.4 have been affected.

Schneider Electric’s U.motion is a building automation solution that currently uses in a wide range of commercial facilities, key manufacturing and energy industries worldwide. U.motion Builder is a tool for creating projects for U.motion devices that allows users to develop demand-compliant plans for all types of U.motion devices.

Image: See page for author [Public domain], via Wikimedia Commons

• CVE-2018-7784 – Stack Based Buffer Overflow Vulnerability
  An attacker can exploit this vulnerability to execute code, read the stack, or cause segmentation faults in a running application. The CVSS v3 vulnerability score is 10.0.
• CVE-2018-7785 – Remote Code Injection Vulnerability 
  Remote command injection vulnerabilities that allow bypassing authentication. The CVSS v3 vulnerability score is 10.0.

These two vulnerabilities are high-risk vulnerabilities that can be exploited remotely by low-level attackers.

• CVE-2018-7786 – Incorrect Input Corruption During Web Page Generation (Cross Site Scripting)
  This is a cross-site scripting vulnerability that allows the injection of malicious scripts. The CVSS v3 vulnerability score is 6.1 points.
• CVE-2018-7787 – Incorrect Input Validation Vulnerability

  This vulnerability is due to the incorrect validation of the context parameter input in the HTTP GET request, which may result in the disclosure of sensitive information. The CVSS v3 vulnerability score is 5.3 points.

Schneider Electric has released firmware update version 1.3.4, recommending that the user download and install the firmware version as soon as possible.