Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

schneider-electric u.motion vulnerabilities and exploits

(subscribe to this query)
4
CVSSv2
CVE-2020-7499
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.
Schneider-electric Mtn6501-0001 FirmwareSchneider-electric Mtn6501-0002 FirmwareSchneider-electric Mtn6260-0410 FirmwareSchneider-electric Mtn6260-0415 FirmwareSchneider-electric Mtn6260-0310 FirmwareSchneider-electric Mtn6260-0315 Firmware
7.5
CVSSv2
CVE-2020-7500
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicio...
Schneider-electric Mtn6501-0001 FirmwareSchneider-electric Mtn6501-0002 FirmwareSchneider-electric Mtn6260-0410 FirmwareSchneider-electric Mtn6260-0415 FirmwareSchneider-electric Mtn6260-0310 FirmwareSchneider-electric Mtn6260-0315 Firmware
5.5
CVSSv2
CVE-2019-6838
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user...
Schneider-electric Meg6501-0001 FirmwareSchneider-electric Meg6501-0002 FirmwareSchneider-electric Meg6260-0410 FirmwareSchneider-electric Meg6260-0415 Firmware
6.5
CVSSv2
CVE-2019-6839
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), ...
Schneider-electric Meg6501-0001 FirmwareSchneider-electric Meg6501-0002 FirmwareSchneider-electric Meg6260-0410 FirmwareSchneider-electric Meg6260-0415 Firmware
7.5
CVSSv2
CVE-2019-6840
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an malicious use...
Schneider-electric Meg6501-0001 FirmwareSchneider-electric Meg6501-0002 FirmwareSchneider-electric Meg6260-0410 FirmwareSchneider-electric Meg6260-0415 Firmware
3.5
CVSSv2
CVE-2019-6835
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an ma...
Schneider-electric Meg6501-0001 FirmwareSchneider-electric Meg6501-0002 FirmwareSchneider-electric Meg6260-0410 FirmwareSchneider-electric Meg6260-0415 Firmware
5
CVSSv2
CVE-2019-6836
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the fi...
Schneider-electric Meg6501-0001 FirmwareSchneider-electric Meg6501-0002 FirmwareSchneider-electric Meg6260-0410 FirmwareSchneider-electric Meg6260-0415 Firmware
6.4
CVSSv2
CVE-2019-6837
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could c...
Schneider-electric Meg6501-0001 FirmwareSchneider-electric Meg6501-0002 FirmwareSchneider-electric Meg6260-0410 FirmwareSchneider-electric Meg6260-0415 Firmware
7.5
CVSSv2
CVE-2018-7841
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
Schneider-electric U.motion Builder 1.3.4
NA
CVE-2018-78412
Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in track_import_export.php.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook