Schneider.Electric.UMotion.Builder.Arbitrary.File.Inclusion
Description
This indicates a possible attempt to exploit an Arbitrary File Inclusion vulnerability in Schneider Electric U.motion Builder.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests. A remote attacker can exploit this to read arbitrary local files in the system.
Affected Products
Schneider Electric U.motion Builder 1.2.1 and prior
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch or updates available for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |