Sploit.io - Search

CVE-2018-7784

Severity: Unknown

Description: In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.

Affected Products:

• Schneider Electric SE U.motion Builder - Versions: U.motion Builder, all versions prior to 1.3.4

References:

• https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/
• http://www.securityfocus.com/bid/104447

CVE-2018-7785

Severity: Unknown

Description: In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.

Affected Products:

• Schneider Electric SE U.motion Builder - Versions: U.motion Builder, all versions prior to 1.3.4

References:

• https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/
• http://www.securityfocus.com/bid/104447

CVE-2018-7786

Severity: Unknown

Description: In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.

Affected Products:

• Schneider Electric SE U.motion Builder - Versions: U.motion Builder, all versions prior to 1.3.4

References:

• https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/
• http://www.securityfocus.com/bid/104447

CVE-2018-7787

Severity: Unknown

Description: In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.

Affected Products:

• Schneider Electric SE U.motion Builder - Versions: U.motion Builder, all versions prior to 1.3.4

References:

• https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/
• http://www.securityfocus.com/bid/104447