Access Control Error Vulnerability in Multiple Schneider Electric Products (CNVD-2019-34801)

Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. An access control error vulnerability exists in several Schneider Electric products. A...

Cross-site scripting vulnerability in multiple Schneider Electric products (CNVD-2019-34798)

Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. A cross-site scripting vulnerability exists in several Schneider Electric products. An attacker...

CVE-2019-6835

A Cross-Site Scripting XSS CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...

CVE-2019-6838

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow a user with low privilege...

PT-2019-18372 · Unknown · U.Motion Server

Name of the Vulnerable Software and Affected Versions: U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15 Description: A Server-Side Request Forgery SSRF...