SPH Engineering UgCS Arbitrary Code Execution Vulnerability

A vulnerability allowing arbitrary code execution has been identified in SPH Engineering UgCS version 5.13.0. The issue arises in the Ardupilot MAV parsing component, where the parser evaluates XML attributes using the eval function. An attacker could exploit this by crafting an XML file with a malicious value attribute that, when parsed, would execute arbitrary code. For example, a value attribute could be crafted to execute a system command via Python's os module.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the system where UgCS is running.

Reproduction

To reproduce this vulnerability, create an XML file containing a value attribute with a payload designed to be executed by the Python eval function. The crafted XML file must be processed by the UgCS application, specifically targeting the Ardupilot MAV parsing functionality. Once the file is parsed, the payload will be executed, demonstrating the arbitrary code execution vulnerability.