Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
Schneider Electric U.motion Builder is prone to the following multiple security vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. An OS command-injection vulnerability
3. A cross-site scripting vulnerability
4. An information-disclosure vulnerability
Exploiting these issues could allow an attacker to bypass authentication mechanism, to execute arbitrary script code in the browser of an unsuspecting user, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.
Versions prior to U.motion Builder 1.3.4 are vulnerable.