Input Validation Flaw in Schneider Electric U.motion Builder Software
CVE-2018-7787
5.3MEDIUM
What is CVE-2018-7787?
In Schneider Electric's U.motion Builder software, versions prior to v1.3.4, an improper validation of input parameters in HTTP GET requests can lead to potential exploitation. Attackers may take advantage of this flaw to manipulate context parameters, jeopardizing the integrity of the affected system. Users are strongly encouraged to update to the latest version to mitigate risks associated with this vulnerability.
Affected Version(s)
U.motion Builder U.motion Builder, all versions prior to 1.3.4