cnvd - cnvd-2019-14275

cnvd-2019-14275

Vulnerability from cnvd

Title

Schneider Electric U.Motion Builder track_import_export.php object_id未经验证命令注入漏洞

Description

U.motion Builder是法国施耐德电气（Schneider Electric）公司的一款生成器产品。 Schneider Electric U.Motion Builder track_import_export.php object_id存在安全漏洞。该漏洞是由于应用程序未能正确地验证和过滤此参数，攻击者可利用漏洞插入任意命令。

Severity

高

Formal description

该产品在通知供应商有关此问题不久已退役，因此不会发布任何修复程序： https://www.schneider-electric.com/ww/en/

Reference

https://seclists.org/fulldisclosure/2019/May/26

Impacted products

Name
Schneider Electric U.motion Builder <=1.3.4

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7841"
    }
  },
  "description": "U.motion Builder\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u751f\u6210\u5668\u4ea7\u54c1\u3002\n\nSchneider Electric U.Motion Builder track_import_export.php object_id\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5e94\u7528\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u9a8c\u8bc1\u548c\u8fc7\u6ee4\u6b64\u53c2\u6570\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d2\u5165\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Julien Ahrens",
  "formalWay": "\u8be5\u4ea7\u54c1\u5728\u901a\u77e5\u4f9b\u5e94\u5546\u6709\u5173\u6b64\u95ee\u9898\u4e0d\u4e45\u5df2\u9000\u5f79\uff0c\u56e0\u6b64\u4e0d\u4f1a\u53d1\u5e03\u4efb\u4f55\u4fee\u590d\u7a0b\u5e8f\uff1a\r\nhttps://www.schneider-electric.com/ww/en/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-14275",
  "openTime": "2019-05-15",
  "products": {
    "product": "Schneider Electric U.motion Builder \u003c=1.3.4"
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2019/May/26",
  "serverity": "\u9ad8",
  "submitTime": "2019-05-15",
  "title": "Schneider Electric U.Motion Builder track_import_export.php object_id\u672a\u7ecf\u9a8c\u8bc1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2018-7841 (GCVE-0-2018-7841)

Vulnerability from cvelistv5

Published

2019-05-22 19:20

Modified

2025-10-21 23:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

SQL Injection

Summary

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

References

URL

Tags

	http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/May/26	mailing-list, x_refsource_FULLDISC
	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	U.motion	U.motion Builder software version 1.3.4	Version: U.motion Builder software version 1.3.4

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html"
          },
          {
            "name": "20190514 [CVE-2018-7841] Schneider Electric U.Motion Builder \u003c= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/26"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-7841",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:14:24.620740Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-04-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7841"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-89",
                "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:36.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7841"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-04-15T00:00:00+00:00",
            "value": "CVE-2018-7841 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "U.motion Builder software version 1.3.4",
          "vendor": "U.motion",
          "versions": [
            {
              "status": "affected",
              "version": "U.motion Builder software version 1.3.4"
            }
          ]
        }
      ],
      "datePublic": "2019-03-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T19:22:21.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html"
        },
        {
          "name": "20190514 [CVE-2018-7841] Schneider Electric U.Motion Builder \u003c= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/26"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7841",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "U.motion Builder software version 1.3.4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "U.motion Builder software version 1.3.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "U.motion"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html"
            },
            {
              "name": "20190514 [CVE-2018-7841] Schneider Electric U.Motion Builder \u003c= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/26"
            },
            {
              "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7841",
    "datePublished": "2019-05-22T19:20:54.000Z",
    "dateReserved": "2018-03-08T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:36.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.