
More Than 20 0Day Vulnerabilities Disclosed in Schneider U.motion Builder Software

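On the 12th, the Zero Day Initiative (ZDI) website published more than 20 Schneider 0days in one go. They were made public because the time between submitting the vulnerabilities to the vendor and the release of this information had exceeded the 120 days agreed between ZDI and the vendor. Most of the 0days involve U.motion Builder. There is a lot of material, so take your time reading through it. U.motion Builder is said to be related to building energy-efficiency management systems.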

<b>zdi-17-392</b>

cve:

published: 2017-06-12

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-392">(0day) schneider electric u.motion builder local privilege escalation vulnerability</a>

<b>zdi-17-391</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-391">(0day) schneider electric u.motion builder embedded session id authentication bypass vulnerability</a>

<b>zdi-17-390</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-390">(0day) schneider electric u.motion builder css.inc directory traversal information disclosure vulnerability</a>

<b>zdi-17-389</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-389">(0day) schneider electric u.motion builder runscript directory traversal information disclosure vulnerability</a>

<b>zdi-17-388</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-388">(0day) schneider electric u.motion builder file_picker directory traversal arbitrary file upload remote code execution vulnerability</a>

<b>zdi-17-387</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-387">(0day) schneider electric u.motion builder soap request remote sql command execution vulnerability</a>

<b>zdi-17-386</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-386">(0day) schneider electric u.motion builder error message path information disclosure vulnerability</a>

<b>zdi-17-385</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-385">(0day) schneider electric u.motion builder error information disclosure vulnerability</a>

<b>zdi-17-384</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-384">(0day) schneider electric u.motion builder editobject sql injection remote code execution vulnerability</a>

<b>zdi-17-383</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-383">(0day) schneider electric u.motion builder xmlserver sql injection remote code execution vulnerability</a>

<b>zdi-17-382</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-382">(0day) schneider electric u.motion builder track_getdata sql injection remote code execution vulnerability</a>

<b>zdi-17-381</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-381">(0day) schneider electric u.motion builder nfcserver sql injection remote code execution vulnerability</a>

<b>zdi-17-380</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-380">(0day) schneider electric u.motion builder localize sql injection remote code execution vulnerability</a>

<b>zdi-17-379</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-379">(0day) schneider electric u.motion builder syslog_getdata sql injection remote code execution vulnerability</a>

<b>zdi-17-378</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-378">(0day) schneider electric u.motion builder track_import_export sql injection remote code execution vulnerability</a>

<b>zdi-17-377</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-377">(0day) schneider electric u.motion builder http cookie sql injection remote code execution vulnerability</a>

<b>zdi-17-376</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-376">(0day) schneider electric u.motion builder editscript directory traversal remote code execution vulnerability</a>

<b>zdi-17-375</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-375">(0day) schneider electric u.motion builder message_simple_html reboot parameter denial of service vulnerability</a>

<b>zdi-17-374</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-374">(0day) schneider electric u.motion builder loadtemplate sql injection remote code execution vulnerability</a>

<b>zdi-17-373</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-373">(0day) schneider electric u.motion builder sendmail email_attachment parameter absolute path traversal information disclosure vulnerability</a>

<b>zdi-17-372</b>

<a href="http://www.zerodayinitiative.com/advisories/zdi-17-372">(0day) schneider electric u.motion builder hard-coded password remote code execution vulnerability</a>

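Original publication date: June 13, 2017

Published by: zeroday; copyright belongs to the original author

Original link: http://toutiao.secjia.com/schneider-u-motion-builder-exposes-0day-vulnerabilities

This article comes from 安全加 (secjia), a partner of the Yunqi Community (雲栖社群); for related information, follow the 安全加 website.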
