This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of the system configuration. The web administration account is set up with the ability to sudo without a password. An attacker can leverage this vulnerability to execute arbitrary code under the context of root.