Details of VAR-201807-1858

ID

VAR-201807-1858

CVE

CVE-2018-7785

TITLE

Schneider Electric U.motion Builder Command injection vulnerability

Trust: 0.8

sources: IVD: e2f2badf-39ab-11e9-ad7a-000c29342cb1 // CNVD: CNVD-2018-11392

DESCRIPTION

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. U.motion Builder is a generator product from Schneider Electric, France. A stack-based buffer-overflow vulnerability 2. An OS command-injection vulnerability 3. A cross-site scripting vulnerability 4. An information-disclosure vulnerability Exploiting these issues could allow an attacker to bypass authentication mechanism, to execute arbitrary script code in the browser of an unsuspecting user, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition. Versions prior to U.motion Builder 1.3.4 are vulnerable

Trust: 2.61

sources: NVD: CVE-2018-7785 // JVNDB: JVNDB-2018-007237 // CNVD: CNVD-2018-11392 // BID: 104447 // IVD: e2f2badf-39ab-11e9-ad7a-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2f2badf-39ab-11e9-ad7a-000c29342cb1 // CNVD: CNVD-2018-11392

AFFECTED PRODUCTS

vendor:	schneider electric	model:	u.motion builder	scope:	lt	version:	1.3.4	Trust: 1.0
vendor:	schneider electric	model:	u.motion builder	scope:	eq	version:	1.2.1	Trust: 0.9
vendor:	schneider electric	model:	u.motion builder software	scope:	lt	version:	1.3.4	Trust: 0.8
vendor:	schneider	model:	electric u.motion builder	scope:	lt	version:	1.3.4	Trust: 0.6
vendor:	schneider electric	model:	u.motion builder	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	schneider electric	model:	u.motion builder	scope:	ne	version:	1.3.4	Trust: 0.3
vendor:	u motion builder	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f2badf-39ab-11e9-ad7a-000c29342cb1 // CNVD: CNVD-2018-11392 // BID: 104447 // JVNDB: JVNDB-2018-007237 // CNNVD: CNNVD-201806-1167 // NVD: CVE-2018-7785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7785
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-7785
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-11392
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201806-1167
value:	CRITICAL
Trust: 0.6
IVD:	e2f2badf-39ab-11e9-ad7a-000c29342cb1
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2018-7785
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11392
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f2badf-39ab-11e9-ad7a-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7785
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2f2badf-39ab-11e9-ad7a-000c29342cb1 // CNVD: CNVD-2018-11392 // JVNDB: JVNDB-2018-007237 // CNNVD: CNNVD-201806-1167 // NVD: CVE-2018-7785

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.8

sources: JVNDB: JVNDB-2018-007237 // NVD: CVE-2018-7785

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1167

TYPE

Command injection

Trust: 0.8

sources: IVD: e2f2badf-39ab-11e9-ad7a-000c29342cb1 // CNNVD: CNNVD-201806-1167

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007237

PATCH

title:	SEVD-2018-151-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/	Trust: 0.8
title:	Schneider Electric U.motion Builder command to inject vulnerability patches	url:	https://www.cnvd.org.cn/patchInfo/show/131849	Trust: 0.6
title:	Schneider Electric U.motion Builder Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81476	Trust: 0.6

sources: CNVD: CNVD-2018-11392 // JVNDB: JVNDB-2018-007237 // CNNVD: CNNVD-201806-1167

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7785	Trust: 3.5
db:	SCHNEIDER	id:	SEVD-2018-151-01	Trust: 1.9
db:	BID	id:	104447	Trust: 1.9
db:	ICS CERT	id:	ICSA-18-163-01	Trust: 1.7
db:	CNVD	id:	CNVD-2018-11392	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-1167	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007237	Trust: 0.8
db:	SCHNEIDER	id:	SEVD-2017-178-01	Trust: 0.3
db:	IVD	id:	E2F2BADF-39AB-11E9-AD7A-000C29342CB1	Trust: 0.2

sources: IVD: e2f2badf-39ab-11e9-ad7a-000c29342cb1 // CNVD: CNVD-2018-11392 // BID: 104447 // JVNDB: JVNDB-2018-007237 // CNNVD: CNNVD-201806-1167 // NVD: CVE-2018-7785

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2018-151-01/	Trust: 1.9
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-163-01	Trust: 1.7
url:	http://www.securityfocus.com/bid/104447	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7785	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7785	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3
url:	http://www.schneider-electric.com/en/download/document/sevd-2017-178-01/	Trust: 0.3

sources: CNVD: CNVD-2018-11392 // BID: 104447 // JVNDB: JVNDB-2018-007237 // CNNVD: CNNVD-201806-1167 // NVD: CVE-2018-7785

CREDITS

Wei Gao of Ixia and bigric3@360A-TEAM

Trust: 0.3

sources: BID: 104447

SOURCES

db:	IVD	id:	e2f2badf-39ab-11e9-ad7a-000c29342cb1
db:	CNVD	id:	CNVD-2018-11392
db:	BID	id:	104447
db:	JVNDB	id:	JVNDB-2018-007237
db:	CNNVD	id:	CNNVD-201806-1167
db:	NVD	id:	CVE-2018-7785

LAST UPDATE DATE

2024-11-23T20:18:07.690000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11392	date:	2018-06-13T00:00:00
db:	BID	id:	104447	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-007237	date:	2018-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201806-1167	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7785	date:	2024-11-21T04:12:43.870

SOURCES RELEASE DATE

db:	IVD	id:	e2f2badf-39ab-11e9-ad7a-000c29342cb1	date:	2018-06-13T00:00:00
db:	CNVD	id:	CNVD-2018-11392	date:	2018-06-13T00:00:00
db:	BID	id:	104447	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-007237	date:	2018-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201806-1167	date:	2018-06-26T00:00:00
db:	NVD	id:	CVE-2018-7785	date:	2018-07-03T14:29:01.570