Free Trial

Multiple vulnerabilities in Schneider Electric U.motion servers

http://beccajcampbell.com/tag/monica-lopez Overview :
Schneider Electric detected multiple vulnerabilities in its U.motion din rail and touch panels servers.
http://littlemagonline.com/tag/sergio-chavez/ Affected Product(s) :
U.motion servers :
  • MEG6501-0001 – U.motion KNX server
  • MEG6501-0002 – U.motion KNX Server Plus
  • MEG6260-0410 – U.motion KNX Server Plus, Touch 10
  • MEG6260-0415 – U.motion KNX Server Plus, Touch 15
Vulnerability Details :
CVE ID : CVE-2019-6835
CVSS v3.0 Base Score 5.4 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists, which could allow an attacker to inject client-side script when a user visits a web page.
CVE ID : CVE-2019-6836
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow the file system to access the wrong file.
CVE ID : CVE-2019-6837
CVSS v3.0 Base Score 9.6 | (Critical) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists, which could cause server configuration data to be exposed when an attacker modifies a URL.
CVE ID : CVE-2019-6838
CVSS v3.0 Base Score 6.5 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to delete a critical file.
CVE ID : CVE-2019-6839
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to upload a rogue file.
CVE ID : CVE-2019-6840
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A Format String: CWE-134 vulnerability exists, which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.

Solution : The vulnerabilities are fixed in version 1.3.7 and is available for download.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE

CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE

Description Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via

Learn more
CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE

CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE

Description The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer

Learn more
CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE

CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE

Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted

Learn more