Cross-Site Scripting Vulnerability in Schneider Electric U.motion Products
CVE-2019-6835
5.4 MEDIUM
Summary
A Cross-Site Scripting (XSS) vulnerability in Schneider Electric's U.motion Server can allow attackers to inject malicious client-side scripts. This risk emerges when users visit compromised web pages associated with the affected U.motion products, leading to potential exploitation of user sessions and extraction of sensitive information.
Affected Version(s)
U.motion Server MEG6501-0001 - U.motion KNX server
U.motion Server MEG6501-0002 - U.motion KNX Server Plus
U.motion Server MEG6260-0410 - U.motion KNX Server Plus
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved