← back
CVE-2018-7777

CVE-2018-7777

EPSS 31.8%
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.
Affected products
Schneider Electric SE · U.Motion
public PoCs found2
cve_referencepacketstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47991unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.htmlhttps://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/