Multiple vulnerabilities in Schneider Electric U.motion servers

Overview :
Schneider Electric detected multiple vulnerabilities in its U.motion DIN rail and touch panel servers.
Affected Product(s) :
U.motion servers :
  • MEG6501-0001 – U.motion KNX server
  • MEG6501-0002 – U.motion KNX Server Plus
  • MEG6260-0410 – U.motion KNX Server Plus, Touch 10
  • MEG6260-0415 – U.motion KNX Server Plus, Touch 15
Vulnerability Details :
CVE ID : CVE-2019-6835
CVSS v3.0 Base Score 5.4 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists, which could allow an attacker to inject client-side script when a user visits a web page.
CVE ID : CVE-2019-6836
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow the file system to access the wrong file.
CVE ID : CVE-2019-6837
CVSS v3.0 Base Score 9.6 | (Critical) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists, which could cause server configuration data to be exposed when an attacker modifies a URL.
CVE ID : CVE-2019-6838
CVSS v3.0 Base Score 6.5 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to delete a critical file.
CVE ID : CVE-2019-6839
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to upload a rogue file.
CVE ID : CVE-2019-6840
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A Format String: CWE-134 vulnerability exists, which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.

Solution : The vulnerabilities are fixed in version 1.3.7, which is available for download.

 
