cbcvebase.
CVE-2018-7785
published 2018-07-03

CVE-2018-7785: In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.

PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.08%
86.1th percentile
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.

Affected

2 ranges
VendorProductVersion rangeFixed in
schneider-electricu.motion_builder< 1.3.41.3.4
schneider_electric_seu.motion_builder

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2018-7785 is an OS command injection (CWE-78) in Schneider Electric U.motion Builder that allows authentication bypass via remote command injection — target any unauthenticated HTTP endpoints exposed by the application.
  • CVE-2018-7787 (related, same product) involves improper validation of the 'context' parameter in HTTP GET requests — monitor/inspect HTTP GET requests containing a 'context' parameter to the U.motion Builder web interface for anomalous or unexpected values.
  • CVE-2018-7784 (related, same product) involves stack-based buffer overflow where an input string may be evaluated as a command — monitor for segmentation faults or unexpected process crashes in the U.motion Builder application.
  • All three high-severity CVEs (CVE-2018-7784, CVE-2018-7785, CVE-2018-7786) are exploitable remotely with no authentication and no user interaction required (CVSS v3 vector AV:N/AC:L/PR:N/UI:N/S:C) — treat any unauthenticated inbound connection to U.motion Builder as high-risk.
  • ·No known public exploits were confirmed at the time of advisory publication — detection should focus on behavioral/anomaly indicators rather than known exploit signatures.
  • ·Only U.motion Builder versions prior to 1.3.4 are affected; patched systems running 1.3.4 or later are not vulnerable.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.