CVE-2018-7785
published 2018-07-03CVE-2018-7785: In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.08%
86.1th percentile
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | u.motion_builder | < 1.3.4 | 1.3.4 |
| schneider_electric_se | u.motion_builder | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2018-7785 is an OS command injection (CWE-78) in Schneider Electric U.motion Builder that allows authentication bypass via remote command injection — target any unauthenticated HTTP endpoints exposed by the application. ↗
- →CVE-2018-7787 (related, same product) involves improper validation of the 'context' parameter in HTTP GET requests — monitor/inspect HTTP GET requests containing a 'context' parameter to the U.motion Builder web interface for anomalous or unexpected values. ↗
- →CVE-2018-7784 (related, same product) involves stack-based buffer overflow where an input string may be evaluated as a command — monitor for segmentation faults or unexpected process crashes in the U.motion Builder application. ↗
- →All three high-severity CVEs (CVE-2018-7784, CVE-2018-7785, CVE-2018-7786) are exploitable remotely with no authentication and no user interaction required (CVSS v3 vector AV:N/AC:L/PR:N/UI:N/S:C) — treat any unauthenticated inbound connection to U.motion Builder as high-risk. ↗
- ·No known public exploits were confirmed at the time of advisory publication — detection should focus on behavioral/anomaly indicators rather than known exploit signatures. ↗
- ·Only U.motion Builder versions prior to 1.3.4 are affected; patched systems running 1.3.4 or later are not vulnerable. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Schneider Electric U.motion Builder
cisa_ics·2018-06-18·CVSS 9.8
[CRITICAL] Schneider Electric U.motion Builder
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Schneider Electric U.motion Builder
Last RevisedJune 18, 2018
Alert CodeICSA-18-163-01
## 1. EXECUTIVE SUMMARY
-
CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Schneider Electric
- Equipment: U.motion Builder
- Vulnerabilities: Command Injection, Cross-site Scripting, and Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following U.motion Builder Software versions are affected:
- U.motion Builder ve
GHSA
GHSA-45g3-hwwx-j5r9: In Schneider Electric U
ghsa_unreviewed·2022-05-13
CVE-2018-7785 [CRITICAL] CWE-77 GHSA-45g3-hwwx-j5r9: In Schneider Electric U
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-07-03
Published