← Back

Meg6501 0002 Firmware

meg6501-0002_firmware

Vendor: Schneider Electric • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-6840
1Schneider Electric
4Meg6260 0410 Firmware
Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more
Nov 21, 2024
Sep 17, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KN...Show more
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.Show less
CVE-2019-6839
1Schneider Electric
4Meg6260 0410 Firmware
Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more
Nov 21, 2024
Sep 17, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, To...Show more
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file.Show less
CVE-2019-6838
1Schneider Electric
4Meg6260 0410 Firmware
Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more
Nov 21, 2024
Sep 17, 2019
N/A· v4
6.5 MEDIUM· v3
5.5 MEDIUM· v2
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U...Show more
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file.Show less
CVE-2019-6837
1Schneider Electric
4Meg6260 0410 Firmware
Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more
Nov 21, 2024
Sep 17, 2019
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG62...Show more
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.Show less
CVE-2019-6836
1Schneider Electric
4Meg6260 0410 Firmware
Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more
Nov 21, 2024
Sep 17, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U...Show more
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file.Show less
CVE-2019-6835
1Schneider Electric
4Meg6260 0410 Firmware
Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more
Nov 21, 2024
Sep 17, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 -...Show more
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.Show less