The NCCIC has released an advisory on command injection, cross-site scripting, and improper input validation vulnerabilities in Schneider Electric U.motion Bulder. Versions prior to 1.3.4 are affected. Successful exploitation of these vulnerabilities could allow remote code execution. Schneider Electric has released firmware update Version 1.3.4, which includes fixes for these vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.