Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities

Schneider Electric U.motion Builder is prone to the following multiple security vulnerabilities:

1. A stack-based buffer-overflow vulnerability
2. An OS command-injection vulnerability
3. A cross-site scripting vulnerability
4. An information-disclosure vulnerability

Exploiting these issues could allow an attacker to bypass authentication mechanism, to execute arbitrary script code in the browser of an unsuspecting user, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.

Versions prior to U.motion Builder 1.3.4 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus