Schneider Electric U.motion Builder - Remote Code Execution

U.motion Builder 1.3.4 contains a remote code execution vulnerability caused by improper input sanitization, allowing attackers to execute arbitrary system commands through crafted input parameters. id: CVE-2018-7841 info: name: Schneider Electric U.motion Builder - Remote Code Execution author:...

CVE-2018-7770

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address...

CVE-2018-7764

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet...

Schneider Electric U.motion Builder Buffer Overflow Vulnerability

U.motion Builder is a builder product from Schneider Electric France. The Schneider Electric U.motion Builder suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code, read the stack or cause a segmentation error in a running application...

The vulnerability of the update_module.php script in the U.motion builder system allows a perpetrator to execute arbitrary code.

The vulnerability of the updatemodule.php script in the U.motion builder system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request to the server using the updatefile parameter...