cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-7500,https://securityvulnerability.io/vulnerability/CVE-2020-7500,SQL Injection Vulnerability in U.motion Servers and Touch Panels by Schneider Electric,"A vulnerability in U.motion Servers and Touch Panels allows for SQL Injection attacks, potentially enabling an attacker to execute arbitrary commands. This vulnerability arises from improper handling of special elements in SQL commands, making it crucial for users to apply the recommended security updates and patches to safeguard their systems against exploitation.",Schneider Electric,U.motion Servers And Touch Panels (affected Versions Listed In The Security Notification),9.8,CRITICAL,0.0019399999873712659,false,,false,false,false,,,false,false,,2020-06-16T19:21:54.000Z,0
CVE-2020-7499,https://securityvulnerability.io/vulnerability/CVE-2020-7499,Incorrect Authorization in U.motion Servers and Touch Panels by Schneider Electric,"An incorrect authorization vulnerability affects U.motion Servers and Touch Panels, where low-privileged users can exploit the system to make unauthorized changes. This flaw poses serious risks as it allows individuals with minimal access permissions to manipulate settings or data within the system, potentially leading to further security breaches. Proper controls and validation checks are necessary to mitigate such vulnerabilities and protect the integrity of the affected products.",Schneider Electric,U.motion Servers And Touch Panels (affected Versions Listed In The Security Notification),6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-06-16T19:16:53.000Z,0
CVE-2019-6840,https://securityvulnerability.io/vulnerability/CVE-2019-6840,Format String Vulnerability in U.motion KNX Server by Schneider Electric,"A format string vulnerability exists in Schneider Electric's U.motion KNX Server, affecting multiple versions including MEG6501-0001, MEG6501-0002, and others. This security flaw allows attackers to craft malicious messages that, when sent to the server, can trigger the execution of arbitrary commands. This vulnerability can pose significant risks to users, highlighting the importance of applying security updates and best practices in the use of the affected products.",Schneider Electric,U.motion Server,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2019-09-17T19:19:36.000Z,0
CVE-2019-6839,https://securityvulnerability.io/vulnerability/CVE-2019-6839,Unrestricted File Upload Vulnerability in U.motion Server by Schneider Electric,"A vulnerability exists in the U.motion Server products that allows users with minimal privileges to upload files without proper restrictions. This weakness can lead to the introduction of potentially harmful files into the server environment, enabling unauthorized access and exploitation which can compromise system integrity. Affected Schneider Electric products include several models of U.motion KNX servers and Touch interfaces.",Schneider Electric,"U.motion Servers (meg6501-0001 - U.motion Knx Server, Meg6501-0002 - U.motion Knx Server Plus, Meg6260-0410 - U.motion Knx Server Plus, Touch 10, And Meg6260-0415 - U.motion Knx Server Plus, Touch 1)",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-09-17T19:17:33.000Z,0
CVE-2019-6838,https://securityvulnerability.io/vulnerability/CVE-2019-6838,Incorrect Authorization Vulnerability in U.motion Server by Schneider Electric,"An incorrect authorization vulnerability in U.motion Server allows users with limited privileges to delete critical files. This misconfiguration could lead to severe consequences within the system operations, as unauthorized users gain access to functionalities that should be restricted. The affected models include various versions of the U.motion KNX server, which are widely used in automation systems, highlighting the importance of applying security updates and ensuring proper access controls.",Schneider Electric,"U.motion Servers (meg6501-0001 - U.motion Knx Server, Meg6501-0002 - U.motion Knx Server Plus, Meg6260-0410 - U.motion Knx Server Plus, Touch 10, And Meg6260-0415 - U.motion Knx Server Plus, Touch 1)",6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-09-17T19:16:38.000Z,0
CVE-2019-6836,https://securityvulnerability.io/vulnerability/CVE-2019-6836,Incorrect Authorization Vulnerability in Schneider Electric U.motion Servers,"An incorrect authorization vulnerability exists in Schneider Electric’s U.motion Server products, allowing unauthorized access to the file system. This flaw can potentially permit access to sensitive files that should remain protected, thereby exposing critical information and increasing the risk of exploitation. Organizations using affected versions should prioritize implementing patches and reviewing security protocols to mitigate risks associated with this vulnerability.",Schneider Electric,"U.motion Servers (meg6501-0001 - U.motion Knx Server, Meg6501-0002 - U.motion Knx Server Plus, Meg6260-0410 - U.motion Knx Server Plus, Touch 10, And Meg6260-0415 - U.motion Knx Server Plus, Touch 1)",7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2019-09-17T19:14:36.000Z,0
CVE-2019-6835,https://securityvulnerability.io/vulnerability/CVE-2019-6835,Cross-Site Scripting Vulnerability in Schneider Electric U.motion Products,"A Cross-Site Scripting (XSS) vulnerability in Schneider Electric's U.motion Server can allow attackers to inject malicious client-side scripts. This risk emerges when users visit compromised web pages associated with the affected U.motion products, leading to potential exploitation of user sessions and extraction of sensitive information.",Schneider Electric,U.motion Server,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-09-17T19:13:26.000Z,0
CVE-2018-7772,https://securityvulnerability.io/vulnerability/CVE-2018-7772,,"The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.",Schneider Electric,U.motion,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7777,https://securityvulnerability.io/vulnerability/CVE-2018-7777,,"The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.",Schneider Electric,U.motion,8.8,HIGH,0.012299999594688416,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7784,https://securityvulnerability.io/vulnerability/CVE-2018-7784,,"In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.",Schneider Electric,U.motion Builder,9.8,CRITICAL,0.00506999995559454,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7763,https://securityvulnerability.io/vulnerability/CVE-2018-7763,,The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability.,Schneider Electric,U.motion,4.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7766,https://securityvulnerability.io/vulnerability/CVE-2018-7766,,The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.,Schneider Electric,U.motion,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7786,https://securityvulnerability.io/vulnerability/CVE-2018-7786,,"In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.",Schneider Electric,U.motion Builder,6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7773,https://securityvulnerability.io/vulnerability/CVE-2018-7773,,The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.,Schneider Electric,U.motion,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7785,https://securityvulnerability.io/vulnerability/CVE-2018-7785,,"In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.",Schneider Electric,U.motion Builder,9.8,CRITICAL,0.0022499999031424522,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7776,https://securityvulnerability.io/vulnerability/CVE-2018-7776,,The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.,Schneider Electric,U.motion,4.3,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7768,https://securityvulnerability.io/vulnerability/CVE-2018-7768,,The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.,Schneider Electric,U.motion,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7771,https://securityvulnerability.io/vulnerability/CVE-2018-7771,,The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree.,Schneider Electric,U.motion,8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7767,https://securityvulnerability.io/vulnerability/CVE-2018-7767,,The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.,Schneider Electric,U.motion,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7764,https://securityvulnerability.io/vulnerability/CVE-2018-7764,,The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.,Schneider Electric,U.motion,4.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7765,https://securityvulnerability.io/vulnerability/CVE-2018-7765,,The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.,Schneider Electric,U.motion,8.8,HIGH,0.001550000044517219,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7769,https://securityvulnerability.io/vulnerability/CVE-2018-7769,,The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.,Schneider Electric,U.motion,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7770,https://securityvulnerability.io/vulnerability/CVE-2018-7770,,The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.,Schneider Electric,U.motion,6.5,MEDIUM,0.001610000035725534,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7787,https://securityvulnerability.io/vulnerability/CVE-2018-7787,,"In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.",Schneider Electric,U.motion Builder,5.3,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2018-7774,https://securityvulnerability.io/vulnerability/CVE-2018-7774,,The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.,Schneider Electric,U.motion,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2018-04-05T00:00:00.000Z,0