Overview :
Schneider Electric detected multiple vulnerabilities in its U.motion din rail and touch panels servers.
Affected Product(s) :
U.motion servers :
  • MEG6501-0001 – U.motion KNX server
  • MEG6501-0002 – U.motion KNX Server Plus
  • MEG6260-0410 – U.motion KNX Server Plus, Touch 10
  • MEG6260-0415 – U.motion KNX Server Plus, Touch 15
Vulnerability Details :
CVE ID : CVE-2019-6835
CVSS v3.0 Base Score 5.4 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists, which could allow an attacker to inject client-side script when a user visits a web page.
CVE ID : CVE-2019-6836
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow the file system to access the wrong file.
CVE ID : CVE-2019-6837
CVSS v3.0 Base Score 9.6 | (Critical) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists, which could cause server configuration data to be exposed when an attacker modifies a URL.
CVE ID : CVE-2019-6838
CVSS v3.0 Base Score 6.5 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to delete a critical file.
CVE ID : CVE-2019-6839
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An Improper Access Control: CWE-284 vulnerability exists, which could allow a user with low privileges to upload a rogue file.
CVE ID : CVE-2019-6840
CVSS v3.0 Base Score 8.8 | (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A Format String: CWE-134 vulnerability exists, which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.

Solution : The vulnerabilities are fixed in version 1.3.7 and is available for download.