1. CVE-Search
  2. CVE-2019-6837
ID CVE-2019-6837
Summary A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.
References
Vulnerable Configurations
  • cpe:2.3:o:schneider-electric:meg6501-0001_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0001_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0001_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0001_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0001:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0001:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0002_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0002_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0002_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0002_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0002:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0002:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0410_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0410_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0410_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0410:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0410:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0415_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0415_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0415_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0415_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0415:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0415:-:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 30-11-2022 - 21:47)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
confirm https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01
Last major update 30-11-2022 - 21:47
Published 17-09-2019 - 20:15
Last modified 30-11-2022 - 21:47
Back to Top