Two Critical flaws affect Schneider Electric U.motion Builder. Patch them now!

Haythem Elmir

Schneider Electric has patched last week four flaws affecting the U.motion Builder software, including two critical command execution vulnerabilities.

Schneider Electric U.motion Builder is a tool designed for creating projects for U.motion devices that are used in critical manufacturing, energy, and commercial facilities industries.

“This exploit occurs when the submitted data of an input string is evaluated as a command by the application,” reads the advisory published by Schneider. “In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.”

The critical stack-based buffer overflow vulnerability tracked as CVE-2018-7784, it received the CVSS Score of 10.

The flaw was reported by the Chinese researcher who uses the online moniker “bigric3” that also reported a critical remote command injection vulnerability, tracked as CVE-2018-7785, that can lead to authentication bypass.

The CVE-2018-7785 Remote Command Injection flaw also has been assigned CVSS scores of 10.

Both flaws can be exploited easily exploited by a remote attacker without specific skills.

Schneider Electric U.motion Builder

Bigric3 has also reported a medium severity cross-site scripting (XSS) vulnerability, tracked as CVE-2018-7786, in the U.motion Builder application.

The last issue addressed by Schneider with the release of version 1.3.4 is an improper validation of input of context parameter in an HTTP GET request. The flaw, tracked as CVE-2018-7787, was reported by the CVE-2018-7787 Wei Gao of Ixia.

This issue has been classified as having medium severity.

The ICS-CERT and the U.S. National Cybersecurity & Communications Integration Center (NCCIC) have published a security advisory that also includes mitigations to minimize the risk of exploitation of this vulnerability.

According to the NCCIC, users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
  • Perform proper impact analysis and risk assessment prior to deploying defensive measures


To read the original article

Laisser un commentaire

Next Post

Dixons Carphone data breach – millions put at risk of fraud

Once again a large company has suffered a huge data breach, putting millions of innocent customers at risk. Customers of British popular high street stores Currys PC World, Carphone Warehouse, and Dixons Travel have been warned that a huge data breach has occurred involving 5.9 million payment cards and the […]