CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6840
https://notcve.org/view.php?id=CVE-2019-6840
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed. Una Cadena de Formato: Se presenta una vulnerabilidad CWE-134 en U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), lo que podría permitir a un atacante enviar un mensaje diseñado hacia servidor de destino, causando de este modo comandos arbitrarios a ser ejecutados. • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6839
https://notcve.org/view.php?id=CVE-2019-6839
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file. Existe una vulnerabilidad CWE-434: Carga no restringida de archivos de tipo peligroso en U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), que podría permitir a un usuario con bajos privilegios cargar un archivo falso • https://www.se.com/ww/en/download/document/SEVD-2019-253-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6838
https://notcve.org/view.php?id=CVE-2019-6838
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file. Un Control de Acceso Inapropiado: Se presenta una vulnerabilidad CWE-863 en U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10 , MEG6260-0415 - U.motion KNX Server Plus, Touch 15), lo que podría permitir a un usuario con pocos privilegios eliminar un archivo crítico • https://www.se.com/ww/en/download/document/SEVD-2019-253-01 • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6837
https://notcve.org/view.php?id=CVE-2019-6837
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. Una vulnerabilidad Server-Side Request Forgery (SSRF): Se presenta una vulnerabilidad CWE-918 en U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), lo que podría causar que datos de configuración del servidor sean expuestos cuando un atacante modifica una URL. • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6836
https://notcve.org/view.php?id=CVE-2019-6836
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file. Un Control de Acceso Incorrecto: Se presenta una vulnerabilidad CWE-863 en U.motion Server (MEG6501-0001 - U.motion KNX Server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), que podría permitir que el sistema de archivos acceda al archivo incorrecto • https://www.se.com/ww/en/download/document/SEVD-2019-253-01 • CWE-863: Incorrect Authorization •