13 June 2018

Multiple vulnerabilities in U.motion Builder

Multiple remote code execution vulnerabilities have been fixed in Schneider Electric’s U.motion Builder.

The most critical vulnerabilities, for which a CVSS v3 base score of 10.0 has been calculated, are a buffer overflow (CVE-2018-7784) and a remote command injection (CVE-2018-7785).

The CVE-2018-7784 vulnerability is caused by input string data being improperly evaluated as a command by the application. This could allow an attacker to execute code, read the contents of the stack, or cause a segmentation fault in the running application.

In addition, U.motion Builder is affected by an XSS vulnerability (CVE-2018-7786), which could allow injection of malicious scripts, and an improper input validation flaw (CVE-2018-7787), which could allow the disclosure of sensitive information.

The above vulnerabilities affect all U.motion Builder versions prior to 1.3.4. Version 1.3.4 includes fixes for these vulnerabilities.

U.motion Builder enables users to create projects for their U.motion devices, which provide comprehensive management functionality for residential and industrial spaces. U.motion is designed to automate a broad range of processes in buildings, from turning lights on and off to controlling power consumption and performing video surveillance. The solution is used in commercial and industrial spaces across the globe.

Sources: Schneider Electric, ICS-CERT