Sign-up

ID

VAR-201807-1857


CVE

CVE-2018-7784


TITLE

Schneider Electric U.motion Builder Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: e2f2bade-39ab-11e9-965f-000c29342cb1 // CNVD: CNVD-2018-11393

DESCRIPTION

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. U.motion Builder is a generator product from Schneider Electric, France. A stack-based buffer-overflow vulnerability 2. An OS command-injection vulnerability 3. A cross-site scripting vulnerability 4. An information-disclosure vulnerability Exploiting these issues could allow an attacker to bypass authentication mechanism, to execute arbitrary script code in the browser of an unsuspecting user, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition. Versions prior to U.motion Builder 1.3.4 are vulnerable

Trust: 2.61

sources: NVD: CVE-2018-7784 // JVNDB: JVNDB-2018-007905 // CNVD: CNVD-2018-11393 // BID: 104447 // IVD: e2f2bade-39ab-11e9-965f-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f2bade-39ab-11e9-965f-000c29342cb1 // CNVD: CNVD-2018-11393

AFFECTED PRODUCTS

vendor:schneider electricmodel:u.motionscope:ltversion:1.3.4

Trust: 1.0

vendor:schneider electricmodel:u.motion builder softwarescope:ltversion:1.3.4

Trust: 0.8

vendor:schneidermodel:electric u.motion builderscope:ltversion:1.3.4

Trust: 0.6

vendor:schneider electricmodel:u.motion builderscope:eqversion:1.2.1

Trust: 0.3

vendor:schneider electricmodel:u.motion builderscope:eqversion:1.0.1

Trust: 0.3

vendor:schneider electricmodel:u.motion builderscope:neversion:1.3.4

Trust: 0.3

vendor:u motionmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f2bade-39ab-11e9-965f-000c29342cb1 // CNVD: CNVD-2018-11393 // BID: 104447 // JVNDB: JVNDB-2018-007905 // NVD: CVE-2018-7784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7784
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7784
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-11393
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-1166
value: CRITICAL

Trust: 0.6

IVD: e2f2bade-39ab-11e9-965f-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-7784
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11393
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f2bade-39ab-11e9-965f-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7784
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f2bade-39ab-11e9-965f-000c29342cb1 // CNVD: CNVD-2018-11393 // JVNDB: JVNDB-2018-007905 // CNNVD: CNNVD-201806-1166 // NVD: CVE-2018-7784

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-007905 // NVD: CVE-2018-7784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1166

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2f2bade-39ab-11e9-965f-000c29342cb1 // CNNVD: CNNVD-201806-1166

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007905

PATCH
title:SEVD-2018-151-01url:https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-151-01+U.motion.pdf&p_Doc_Ref=SEVD-2018-151-01
Trust: 0.8
title:Patch for Schneider Electric U.motion Builder Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/131845
Trust: 0.6
title:Schneider Electric U.motion Builder Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81477
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11393 // 
            
            
            
            JVNDB: JVNDB-2018-007905 // 
            
            
            
            CNNVD: CNNVD-201806-1166

EXTERNAL IDS
db:NVDid:CVE-2018-7784
Trust: 3.5
db:SCHNEIDERid:SEVD-2018-151-01
Trust: 1.9
db:BIDid:104447
Trust: 1.9
db:ICS CERTid:ICSA-18-163-01
Trust: 1.7
db:CNVDid:CNVD-2018-11393
Trust: 0.8
db:CNNVDid:CNNVD-201806-1166
Trust: 0.8
db:JVNDBid:JVNDB-2018-007905
Trust: 0.8
db:SCHNEIDERid:SEVD-2017-178-01
Trust: 0.3
db:IVDid:E2F2BADE-39AB-11E9-965F-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f2bade-39ab-11e9-965f-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-11393 // 
            
            
            
            BID: 104447 // 
            
            
            
            JVNDB: JVNDB-2018-007905 // 
            
            
            
            CNNVD: CNNVD-201806-1166 // 
            
            
            
            NVD: CVE-2018-7784

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2018-151-01/
Trust: 1.9
url:https://ics-cert.us-cert.gov/advisories/icsa-18-163-01
Trust: 1.7
url:http://www.securityfocus.com/bid/104447
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7784
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7784
Trust: 0.8
url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true
Trust: 0.3
url:http://www.schneider-electric.com/en/download/document/sevd-2017-178-01/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-11393 // 
            
            
            
            BID: 104447 // 
            
            
            
            JVNDB: JVNDB-2018-007905 // 
            
            
            
            CNNVD: CNNVD-201806-1166 // 
            
            
            
            NVD: CVE-2018-7784

CREDITS
Wei Gao of Ixia and bigric3@360A-TEAM
Trust: 0.3
sources:
            
            
            BID: 104447

SOURCES
db:IVDid:e2f2bade-39ab-11e9-965f-000c29342cb1
db:CNVDid:CNVD-2018-11393
db:BIDid:104447
db:JVNDBid:JVNDB-2018-007905
db:CNNVDid:CNNVD-201806-1166
db:NVDid:CVE-2018-7784

LAST UPDATE DATE
2024-11-23T20:49:05.909000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11393date:2018-06-13T00:00:00
db:BIDid:104447date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-007905date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201806-1166date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7784date:2024-11-21T04:12:43.767

SOURCES RELEASE DATE
db:IVDid:e2f2bade-39ab-11e9-965f-000c29342cb1date:2018-06-13T00:00:00
db:CNVDid:CNVD-2018-11393date:2018-06-13T00:00:00
db:BIDid:104447date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-007905date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201806-1166date:2018-06-26T00:00:00
db:NVDid:CVE-2018-7784date:2018-07-03T14:29:01.523