ID CVE-2019-6838
Summary A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file.
References
Vulnerable Configurations
  • cpe:2.3:o:schneider-electric:meg6501-0001_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0001_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0001_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0001_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0001:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0001:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0002_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0002_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0002_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0002_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6501-0002:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6501-0002:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0410_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0410_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0410_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0410:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0410:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0415_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0415_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0415_firmware:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0415_firmware:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:meg6260-0415:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:meg6260-0415:-:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 16-04-2021 - 22:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:P
refmap via4
confirm https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01
Last major update 16-04-2021 - 22:15
Published 17-09-2019 - 20:15
Last modified 16-04-2021 - 22:15
Back to Top