This vulnerability allows remote attackers to acquire system information about vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability.
The specific flaw exists within error.php. System information is returned to the attacker that contains sensitive data. This can be leveraged by an attacker in conjunction with other vulnerabilities to execute arbitrary code on the system.