Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Critical Flaws Patched in Schneider Building Automation Software

Schneider Electric recently patched four vulnerabilities in its U.motion Builder software, including two critical command execution flaws. Advisories have been published by both the vendor and ICS-CERT.

Schneider Electric recently patched four vulnerabilities in its U.motion Builder software, including two critical command execution flaws. Advisories have been published by both the vendor and ICS-CERT.

Schneider Electric’s U.motion is a building automation solution used around the world mainly in the energy, critical manufacturing and commercial facilities sectors. U.motion Builder is a tool designed for creating projects for U.motion devices.

A Chinese researcher who uses the online moniker “bigric3” discovered that U.motion Builder is affected by a critical stack-based buffer overflow vulnerability (CVE-2018-7784).

“This exploit occurs when the submitted data of an input string is evaluated as a command by the application,” Schneider said in an advisory. “In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.”

Another critical flaw discovered by bigric3 is CVE-2018-7785, which has been described as a remote command injection issue that can lead to authentication bypass.

Both these security holes have been assigned CVSS scores of 10. They can be exploited remotely even by an attacker with a low skill level.

Register for SecurityWeek’s 2018 ICS Cyber Security Conference

Bigric3 has also been credited for finding a medium severity cross-site scripting (XSS) vulnerability in the U.motion Builder application.

Another flaw in U.motion Builder was discovered by Wei Gao of Ixia. The researcher found that the “improper validation of input of context parameter in an HTTP GET request” can lead to the disclosure of sensitive information. This issue has also been classified as having medium severity.

Schneider patched these vulnerabilities with the release of version 1.3.4. All prior versions are impacted.

In addition to the patch, ICS-CERT and the U.S. National Cybersecurity & Communications Integration Center (NCCIC) have provided a series of general recommendations for minimizing the risk of attacks.

Related: Schneider Electric Patches 16 Flaws in Building Automation Software

Related: Unpatched Flaws in Schneider Electric U.motion Builder Disclosed

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...