Schneider Electric recently patched four vulnerabilities in its U.motion Builder software, including two critical command execution flaws. Advisories have been published by both the vendor and ICS-CERT.
Schneider Electric’s U.motion is a building automation solution used around the world mainly in the energy, critical manufacturing and commercial facilities sectors. U.motion Builder is a tool designed for creating projects for U.motion devices.
A Chinese researcher who uses the online moniker “bigric3” discovered that U.motion Builder is affected by a critical stack-based buffer overflow vulnerability (CVE-2018-7784).
“This exploit occurs when the submitted data of an input string is evaluated as a command by the application,” Schneider said in an advisory. “In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.”
Another critical flaw discovered by bigric3 is CVE-2018-7785, which has been described as a remote command injection issue that can lead to authentication bypass.
Both these security holes have been assigned CVSS scores of 10. They can be exploited remotely even by an attacker with a low skill level.
Register for SecurityWeek’s 2018 ICS Cyber Security Conference
Bigric3 has also been credited for finding a medium severity cross-site scripting (XSS) vulnerability in the U.motion Builder application.
Another flaw in U.motion Builder was discovered by Wei Gao of Ixia. The researcher found that the “improper validation of input of context parameter in an HTTP GET request” can lead to the disclosure of sensitive information. This issue has also been classified as having medium severity.
Schneider patched these vulnerabilities with the release of version 1.3.4. All prior versions are impacted.
In addition to the patch, ICS-CERT and the U.S. National Cybersecurity & Communications Integration Center (NCCIC) have provided a series of general recommendations for minimizing the risk of attacks.
Related: Schneider Electric Patches 16 Flaws in Building Automation Software
Related: Unpatched Flaws in Schneider Electric U.motion Builder Disclosed
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
- Backslash Snags $8M Seed Financing for AppSec Tech
