This vulnerability allows remote attackers to deny service on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability.
The specific flaw exists within processing of message_simple_html.php, which is exposed on the web service. The reboot option of the applet reboots the system. This flaw allows a remote attacker to perpetually reboot the system, denying service to all users.