A vulnerability was found in Schneider Electric U.motion Builder up to 1.3.3 (Automation Software) and classified as critical. This issue affects an unknown code of the component smbd. The manipulation as part of a Shared Library leads to a input validation vulnerability (Upload). Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

In Schneider Electric U.motion Builder software versions prior to v1.3.4, malicious clients can upload and cause the smbd server to execute a shared library from a writable share.

The bug was discovered 04/19/2018. The weakness was shared 07/03/2018 (Website). It is possible to read the advisory at schneider-electric.com. The identification of this vulnerability is CVE-2018-7777 since 03/08/2018. The exploitation is known to be easy. The attack may be initiated remotely. A simple authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 75 days. During that time the estimated underground price was around $0-$5k.

Upgrading to version 1.3.4 eliminates this vulnerability.

The entries 120298, 120285, 120286 and 120287 are related to this item.

Productinfo

Type

• Automation Software

Vendor

• Schneider Electric

Name

• U.motion Builder

Version

• 1.3.0
• 1.3.1
• 1.3.2
• 1.3.3

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion