Lucene search

[email protected]CVE-2019-6835

HistorySep 17, 2019 - 8:15 p.m.

CVE-2019-6835

2019-09-1720:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-6835

cross-site scripting

xss

u.motion server

meg6501-0001

meg6501-0002

meg6260-0410

meg6260-0415

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

JSON

A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.

Affected configurations

NVD

Node

schneider-electricmeg6501-0001_firmwareRange<1.3.7

AND

schneider-electricmeg6501-0001Match-

Node

schneider-electricmeg6501-0002_firmwareRange<1.3.7

AND

schneider-electricmeg6501-0002Match-

Node

schneider-electricmeg6260-0410_firmwareRange<1.3.7

AND

schneider-electricmeg6260-0410Match-

Node

schneider-electricmeg6260-0415_firmwareRange<1.3.7

AND

schneider-electricmeg6260-0415Match-

CPENameOperatorVersion
schneider-electric:meg6501-0001_firmwareschneider-electric meg6501-0001 firmwarelt1.3.7

CPE	Name	Operator	Version
schneider-electric:meg6501-0001_firmware	schneider-electric meg6501-0001 firmware	lt	1.3.7

CNA Affected

[
  {
    "product": "U.motion Server",
    "vendor": "Schneider Electric SE",
    "versions": [
      {
        "status": "affected",
        "version": "MEG6501-0001 - U.motion KNX server"
      },
      {
        "status": "affected",
        "version": "MEG6501-0002 - U.motion KNX Server Plus"
      },
      {
        "status": "affected",
        "version": "MEG6260-0410 - U.motion KNX Server Plus"
      },
      {
        "status": "affected",
        "version": "Touch 10"
      },
      {
        "status": "affected",
        "version": "MEG6260-0415 - U.motion KNX Server Plus"
      },
      {
        "status": "affected",
        "version": "Touch 15"
      }
    ]
  }
]

References

www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for CVE-2019-6835

prion1 cvelist1 nvd1