CVE-2019-6837
CRITICALU.motion Server Firmware < 1.3.7 - Server-Side Request Forgery via URL Manipulation
Title source: llmDescription
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01
Scores
CVSS v3
9.1
EPSS
0.0025
EPSS Percentile
48.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-918
Status
published
Products (4)
schneider-electric/meg6260-0410_firmware
< 1.3.7
schneider-electric/meg6260-0415_firmware
< 1.3.7
schneider-electric/meg6501-0001_firmware
< 1.3.7
schneider-electric/meg6501-0002_firmware
< 1.3.7
Published
Sep 17, 2019
Tracked Since
Feb 18, 2026