U.motion Server Security Vulnerabilities and Issues — U.motion Server CVE List

cve

CVE-2019-6836

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to...

7.5CVSS

7.4AI Score

0.002EPSS

2019-09-17 08:15 PM

77

5

cve

CVE-2019-6835

A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject...

5.4CVSS

5.2AI Score

0.001EPSS

2019-09-17 08:15 PM

81

2

cve

CVE-2019-6840

A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted...

9.8CVSS

9.2AI Score

0.002EPSS

2019-09-17 08:15 PM

74

2

cve

CVE-2019-6839

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow.....

8.8CVSS

8.5AI Score

0.001EPSS

2019-09-17 08:15 PM

86

cve

CVE-2019-6837

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server...

9.1CVSS

9AI Score

0.002EPSS

2019-09-17 08:15 PM

90

2

cve

CVE-2019-6838

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low...

6.5CVSS

6.4AI Score

0.001EPSS

2019-09-17 08:15 PM

84

4

cve

CVE-2018-7777

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target...

8.8CVSS

8.3AI Score

0.015EPSS

2018-07-03 02:29 PM

62