Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric u.motion vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-7499
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.
Schneider-electric Mtn6501-0001 Firmware
Schneider-electric Mtn6501-0002 Firmware
Schneider-electric Mtn6260-0410 Firmware
Schneider-electric Mtn6260-0415 Firmware
Schneider-electric Mtn6260-0310 Firmware
Schneider-electric Mtn6260-0315 Firmware
9.8
CVSSv3
CVE-2020-7500
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicio...
Schneider-electric Mtn6501-0001 Firmware
Schneider-electric Mtn6501-0002 Firmware
Schneider-electric Mtn6260-0410 Firmware
Schneider-electric Mtn6260-0415 Firmware
Schneider-electric Mtn6260-0310 Firmware
Schneider-electric Mtn6260-0315 Firmware
9.8
CVSSv3
CVE-2019-6840
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an malicious use...
Schneider-electric Meg6501-0001 Firmware
Schneider-electric Meg6501-0002 Firmware
Schneider-electric Meg6260-0410 Firmware
Schneider-electric Meg6260-0415 Firmware
7.5
CVSSv3
CVE-2019-6836
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the fi...
Schneider-electric Meg6501-0001 Firmware
Schneider-electric Meg6501-0002 Firmware
Schneider-electric Meg6260-0410 Firmware
Schneider-electric Meg6260-0415 Firmware
9.1
CVSSv3
CVE-2019-6837
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could c...
Schneider-electric Meg6501-0001 Firmware
Schneider-electric Meg6501-0002 Firmware
Schneider-electric Meg6260-0410 Firmware
Schneider-electric Meg6260-0415 Firmware
5.4
CVSSv3
CVE-2019-6835
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an ma...
Schneider-electric Meg6501-0001 Firmware
Schneider-electric Meg6501-0002 Firmware
Schneider-electric Meg6260-0410 Firmware
Schneider-electric Meg6260-0415 Firmware
6.5
CVSSv3
CVE-2019-6838
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user...
Schneider-electric Meg6501-0001 Firmware
Schneider-electric Meg6501-0002 Firmware
Schneider-electric Meg6260-0410 Firmware
Schneider-electric Meg6260-0415 Firmware
8.8
CVSSv3
CVE-2019-6839
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), ...
Schneider-electric Meg6501-0001 Firmware
Schneider-electric Meg6501-0002 Firmware
Schneider-electric Meg6260-0410 Firmware
Schneider-electric Meg6260-0415 Firmware
9.8
CVSSv3
CVE-2018-7841
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
Schneider-electric U.motion Builder 1.3.4
1 EDB exploit
NA
CVE-2018-78412
Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in track_import_export.php.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »