Strix
26.1K

CVE-2018-7777

UnknownEPSS 31.80%

Last modified

CVE-2018-7777 is a vulnerability of currently unknown severity. The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.. EPSS estimates a 31.80% chance of exploitation in the next 30 days.

Description

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.

Metrics

EPSS Probability
31.80%

98.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Schneider-ElectricU.Motion Builder< 1.3.4

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-7777?
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.
How severe is CVE-2018-7777?
Severity scoring for CVE-2018-7777 is pending analysis. The EPSS model estimates a 31.80% probability of exploitation in the next 30 days.
How do I fix CVE-2018-7777?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7777?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST