Sign-up

ID

VAR-201807-1869


CVE

CVE-2018-7771


TITLE

Schneider Electric U.motion Builder Software Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-007233 // CNNVD: CNNVD-201807-154

DESCRIPTION

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree. Schneider Electric U.motion Builder Software Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is required to exploit this vulnerability.The specific flaw exists within processing of editscript.php. An attacker can leverage this vulnerability to execute arbitrary code in the context of the web server

Trust: 2.97

sources: NVD: CVE-2018-7771 // JVNDB: JVNDB-2018-007233 // ZDI: ZDI-17-376 // CNVD: CNVD-2017-09465 // IVD: 08961979-c85d-41fa-9a29-638a62914e7a

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 08961979-c85d-41fa-9a29-638a62914e7a // CNVD: CNVD-2017-09465

AFFECTED PRODUCTS

vendor:schneider electricmodel:u.motion builderscope:ltversion:1.3.4

Trust: 1.0

vendor:schneider electricmodel:u.motion builder softwarescope:ltversion:1.3.4

Trust: 0.8

vendor:schneider electricmodel:u.motion builderscope: - version: -

Trust: 0.7

vendor:schneidermodel:electric u.motion builderscope: - version: -

Trust: 0.6

vendor:schneider electricmodel:u.motion builderscope:eqversion:1.2.1

Trust: 0.6

vendor:u motion buildermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 08961979-c85d-41fa-9a29-638a62914e7a // ZDI: ZDI-17-376 // CNVD: CNVD-2017-09465 // JVNDB: JVNDB-2018-007233 // CNNVD: CNNVD-201807-154 // NVD: CVE-2018-7771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7771
value: HIGH

Trust: 1.0

NVD: CVE-2018-7771
value: HIGH

Trust: 0.8

ZDI: ZDI-17-376
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2017-09465
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-154
value: MEDIUM

Trust: 0.6

IVD: 08961979-c85d-41fa-9a29-638a62914e7a
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-7771
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: ZDI-17-376
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2017-09465
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 08961979-c85d-41fa-9a29-638a62914e7a
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7771
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 08961979-c85d-41fa-9a29-638a62914e7a // ZDI: ZDI-17-376 // CNVD: CNVD-2017-09465 // JVNDB: JVNDB-2018-007233 // CNNVD: CNNVD-201807-154 // NVD: CVE-2018-7771

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2018-007233 // NVD: CVE-2018-7771

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-154

TYPE

Path traversal

Trust: 0.8

sources: IVD: 08961979-c85d-41fa-9a29-638a62914e7a // CNNVD: CNNVD-201807-154

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007233

PATCH
title:SEVD-2018-095-01url:https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/
Trust: 0.8
title:This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.03/29/2016 - ZDI disclosed the vulnerability reports to ICS-CERT (with an expected 'due date' of 07/27/16).03/29/2016 - ICS-CERT acknowledged that they received them and "sent them on to our contacts at Schneider Electric, and will keep you informed of their progress.  We are tracking these issues as ICS-VU-291195."08/24/2016 - ZDI sent a follow-up inquiry to ICS-CERT requesting the status.09/08/2016 - ICS-CERT replied requesting more information on one vulnerability report, but said of the others, "they have successfully validated the rest of the vulnerability reports.  Unfortunately, they don't expect to have a patch ready until the end of this year." ICS-CERT suggested they would work with the vendor to try to bring this in.09/19/2016 - ZDI sent a follow-up inquiry to ICS-CERT asking if the vendor was anywhere closer.10/11/2016 - ZDI sent a follow-up inquiry to ICS-CERT asking if the vendor was anywhere closer and stressed potential 0-day.12/14/2016 - ZDI sent a follow-up inquiry to ICS-CERT requesting the status.06/02/2017 - ZDI sent a follow-up inquiry to ICS-CERT requesting the status.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in  and numerous other Microsoft Knowledge Base articles.url:http://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx
Trust: 0.7
title:Schneider Electric U.motion Builder Software path traversal vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81723
Trust: 0.6
sources:
            
            
            ZDI: ZDI-17-376 // 
            
            
            
            JVNDB: JVNDB-2018-007233 // 
            
            
            
            CNNVD: CNNVD-201807-154

EXTERNAL IDS
db:NVDid:CVE-2018-7771
Trust: 3.2
db:SCHNEIDERid:SEVD-2018-095-01
Trust: 1.6
db:ZDIid:ZDI-17-376
Trust: 1.3
db:CNVDid:CNVD-2017-09465
Trust: 0.8
db:CNNVDid:CNNVD-201807-154
Trust: 0.8
db:ICS CERTid:ICSA-17-180-02
Trust: 0.8
db:JVNDBid:JVNDB-2018-007233
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3647
Trust: 0.7
db:NSFOCUSid:40308
Trust: 0.6
db:IVDid:08961979-C85D-41FA-9A29-638A62914E7A
Trust: 0.2
sources:
            
            
            IVD: 08961979-c85d-41fa-9a29-638a62914e7a // 
            
            
            
            ZDI: ZDI-17-376 // 
            
            
            
            CNVD: CNVD-2017-09465 // 
            
            
            
            JVNDB: JVNDB-2018-007233 // 
            
            
            
            CNNVD: CNNVD-201807-154 // 
            
            
            
            NVD: CVE-2018-7771

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2018-095-01/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7771
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-17-180-02
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7771
Trust: 0.8
url:http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx
Trust: 0.7
url:www.zerodayinitiative.com/advisories/zdi-17-376/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/40308
Trust: 0.6
sources:
            
            
            ZDI: ZDI-17-376 // 
            
            
            
            CNVD: CNVD-2017-09465 // 
            
            
            
            JVNDB: JVNDB-2018-007233 // 
            
            
            
            CNNVD: CNNVD-201807-154 // 
            
            
            
            NVD: CVE-2018-7771

CREDITS
rgod
Trust: 0.7
sources:
            
            
            ZDI: ZDI-17-376

SOURCES
db:IVDid:08961979-c85d-41fa-9a29-638a62914e7a
db:ZDIid:ZDI-17-376
db:CNVDid:CNVD-2017-09465
db:JVNDBid:JVNDB-2018-007233
db:CNNVDid:CNNVD-201807-154
db:NVDid:CVE-2018-7771

LAST UPDATE DATE
2024-11-23T20:52:59.659000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-17-376date:2017-06-12T00:00:00
db:CNVDid:CNVD-2017-09465date:2017-06-14T00:00:00
db:JVNDBid:JVNDB-2018-007233date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201807-154date:2018-07-04T00:00:00
db:NVDid:CVE-2018-7771date:2024-11-21T04:12:42.353

SOURCES RELEASE DATE
db:IVDid:08961979-c85d-41fa-9a29-638a62914e7adate:2017-06-14T00:00:00
db:ZDIid:ZDI-17-376date:2017-06-12T00:00:00
db:CNVDid:CNVD-2017-09465date:2017-06-14T00:00:00
db:JVNDBid:JVNDB-2018-007233date:2018-09-12T00:00:00
db:CNNVDid:CNNVD-201807-154date:2018-07-04T00:00:00
db:NVDid:CVE-2018-7771date:2018-07-03T14:29:00.883