OTPulse

Schneider Electric U.motion Builder (Update A)

Act Now · 10 · ICS-CERT ICSA-17-180-02 · Jun 29, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

U.motion Builder versions 1.2.1 and earlier contain multiple critical vulnerabilities including SQL injection (CWE-89), path traversal (CWE-22), broken authentication (CWE-287), hardcoded credentials (CWE-259), and improper access control (CWE-284). These vulnerabilities can be exploited remotely without authentication to execute arbitrary commands, read/write arbitrary files, and bypass access controls. The vulnerabilities affect both U.motion Builder and U.motion Server components.

What this means
What could happen
An attacker could execute arbitrary commands on U.motion Builder, allowing them to alter control logic, modify setpoints, or shut down automation functions in Schneider Electric installations. This could disrupt industrial processes, compromise system integrity, and prevent normal operation of automated facilities.
Who's at risk
Energy sector operators using Schneider Electric U.motion Builder should care. This affects automation platforms and building/facility control systems that rely on U.motion for logic programming and configuration. Any industrial site using U.motion Builder for process automation is at risk.
How it could be exploited
An attacker on the network can send a specially crafted request to U.motion Builder without needing valid credentials. The vulnerabilities allow SQL injection (CWE-89) and path traversal (CWE-22), giving the attacker direct code execution on the system. No user interaction is required.
Prerequisites
  • Network access to U.motion Builder (reachable from the attacker's network or exposed to the Internet)
  • No credentials required
  • remotely exploitable
  • no authentication required
  • low complexity
  • actively exploited (KEV)
  • very high EPSS score (94.2%)
  • affects control system operations
  • affects multiple critical systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product           | Affected Versions | Fix Status
U.motion Builder  | ≤ 1.2.1           | 1.3.4
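The affected range (≤ 1.2.1) and the fixed release (1.3.4) are the two numbers an asset owner needs to triage an inventory. The script below is an added example, not code from OTPulse or from Schneider Electric: it compares dotted version strings numerically (so that 1.2.10 is not mistaken for 1.2.1 or sorted before 1.2.9 by a string compare) and classifies each U.motion entry as within the affected range, below the fixed release, or current. The inventory rows and host names are constructed for illustration.

```python
# Added example (not from the OTPulse page or the Schneider Electric advisory):
# triage a constructed asset inventory against the advisory's version bounds.
from __future__ import annotations
from dataclasses import dataclass

AFFECTED_MAX = "1.2.1"   # advisory: U.motion Builder 1.2.1 and earlier are affected
FIXED_IN = "1.3.4"       # advisory: fix status


def parse_version(v: str) -> tuple[int, ...]:
    """Split a dotted version into an integer tuple so 1.2.10 > 1.2.9 > 1.2."""
    parts = []
    for piece in v.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range (<= 1.2.1)."""
    return parse_version(version) <= parse_version(AFFECTED_MAX)


def needs_update(version: str) -> bool:
    """True when the version is older than the fixed release (< 1.3.4)."""
    return parse_version(version) < parse_version(FIXED_IN)


@dataclass
class Asset:
    host: str      # constructed host name
    product: str   # product name as recorded in the inventory
    version: str   # installed version string


def triage(assets: list[Asset]) -> list[tuple[str, str, str, str]]:
    """Return (host, product, version, status) for every U.motion component."""
    rows = []
    for a in assets:
        if not a.product.startswith("U.motion"):
            continue  # the advisory covers U.motion Builder and U.motion Server only
        if is_affected(a.version):
            status = "AFFECTED - apply 1.3.4 hotfix"
        elif needs_update(a.version):
            status = "BELOW FIXED RELEASE - update to 1.3.4"
        else:
            status = "OK"
        rows.append((a.host, a.product, a.version, status))
    return rows


# Constructed sample inventory (not real hosts).
INVENTORY = [
    Asset("bms-eng-01", "U.motion Builder", "1.2.1"),
    Asset("bms-srv-01", "U.motion Server", "1.1.0"),
    Asset("bms-eng-02", "U.motion Builder", "1.3.4"),
    Asset("hmi-03", "Other Product", "2.0"),
]

if __name__ == "__main__":
    for host, product, version, status in triage(INVENTORY):
        print(f"{host:<12} {product:<18} {version:<8} {status}")
```

Versions between 1.2.1 and 1.3.4 are reported separately: the advisory does not list them as affected, but they are still below the release Schneider Electric points to as the fix, which is the practical question for a patch plan.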
Remediation & Mitigation
Do now
HOTFIX: Update U.motion Builder firmware to version 1.3.4 or later
HOTFIX: Update U.motion Server firmware to version 1.3.4 or later
HARDENING: Isolate U.motion Builder systems from the Internet and business network using firewalls
HARDENING: Restrict network access to U.motion Builder to only authorized engineering workstations and control system networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement remote access controls: if remote access is needed, use a VPN with the latest available patches