Schneider-Electric Meg6501-0001 Firmware vulnerabilities

6 known vulnerabilities affecting schneider-electric/meg6501-0001_firmware.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2019-6837 | CRITICAL | CVSS 9.1 | fixed in 1.3.7 | 2019-09-17
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a
Source: NVD
CVE-2019-6840 | CRITICAL | CVSS 9.8 | fixed in 1.3.7 | 2019-09-17
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary c
Source: NVD
CVE-2019-6836 | HIGH | CVSS 7.5 | fixed in 1.3.7 | 2019-09-17
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file.
Source: NVD
CVE-2019-6839 | HIGH | CVSS 8.8 | fixed in 1.3.7 | 2019-09-17
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file.
Source: NVD
CVE-2019-6835 | MEDIUM | CVSS 5.4 | fixed in 1.3.7 | 2019-09-17
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.
Source: NVD
CVE-2019-6838 | MEDIUM | CVSS 6.5 | fixed in 1.3.7 | 2019-09-17
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file.
Source: NVD