Command Injection Vulnerability in Schneider Electric U.motion Builder Software

Command Injection Vulnerability in Schneider Electric U.motion Builder Software

CVE-2018-7784 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.

Learn more about our Web Application Penetration Testing UK.