Free Trial

Multiple vulnerabilities in Schneider Electric U.motion servers

Overview :
Schneider Electric detected multiple vulnerabilities in its U.motion din rail and touch panels servers.
Affected Product(s) :
U.motion servers :
  • MEG6501-0001 – U.motion KNX server
  • MEG6501-0002 – U.motion KNX Server Plus
  • MEG6260-0410 – U.motion KNX Server Plus, Touch 10
  • MEG6260-0415 – U.motion KNX Server Plus, Touch 15
Vulnerability Details :
CVE ID : CVE-2019-6835
CVSS v3.0 Base Score 5.4 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists, which could allow an attacker to inject client-side script when a user visits a web page.
CVE ID : CVE-2019-6836
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow the file system to access the wrong file.
CVE ID : CVE-2019-6837
CVSS v3.0 Base Score 9.6 | (Critical) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists, which could cause server configuration data to be exposed when an attacker modifies a URL.
CVE ID : CVE-2019-6838
CVSS v3.0 Base Score 6.5 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to delete a critical file.
CVE ID : CVE-2019-6839
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to upload a rogue file.
CVE ID : CVE-2019-6840
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A Format String: CWE-134 vulnerability exists, which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.

Solution : The vulnerabilities are fixed in version 1.3.7 and is available for download.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)

Learn more
CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could

Learn more
CVE-2024-50340 : SYMFONY INJECTION

CVE-2024-50340 : SYMFONY INJECTION

Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the

Learn more