The vulnerability of the update_module.php script in the U.motion builder system allows a perpetrator to execute arbitrary code.

🗓️ 12 Apr 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Vulnerability in update_module.php of U.motion builder allows arbitrary code execution via crafted update_file requests.

Reporter	Title	Published	Views	Family All 10
0day.today	Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Exploit	3 Feb 202000:00	–	zdt
CNVD	Schneider Electric U.motion Builder Remote Code Execution Vulnerability (CNVD-2018-07816)	13 Apr 201800:00	–	cnvd
CVE	CVE-2018-7777	3 Jul 201814:00	–	cve
Cvelist	CVE-2018-7777	3 Jul 201814:00	–	cvelist
Exploit DB	Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection	3 Feb 202000:00	–	exploitdb
EUVD	EUVD-2018-19489	7 Oct 202500:30	–	euvd
exploitpack	Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection	3 Feb 202000:00	–	exploitpack
NVD	CVE-2018-7777	3 Jul 201814:29	–	nvd
Packet Storm	Schneider Electric U.Motion Builder 1.3.4 Command Injection	3 Feb 202000:00	–	packetstorm
Prion	Design/Logic Flaw	3 Jul 201814:29	–	prion

Vulners

Node

schneider_electric u.motion_builderRange<1.3.4

Source	Link
download	www.download.schneider-electric.com/files
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2018041010
threatpost	www.threatpost.ru/zakryty-16-uyazvimostej-v-u-motion-builder/25555/
schneider-electric	www.schneider-electric.com/en/download/document/SE_UMOTION_BUILDER/
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6Medium risk

Vulners AI Score6

CVSS 38.8

CVSS 210

EPSS0.15807

update module script Umotion builder arbitrary code execution input data validation update file parameter