Search criteria
6 vulnerabilities found for mtn6260-0310_firmware by schneider-electric
FKIE_CVE-2020-7499
Vulnerability from fkie_nvd - Published: 2020-06-16 20:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B3DF18-FE18-4465-8223-8AF2B286746D",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22E79A6F-C946-43A7-B492-7F3F8CFB18CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF40C8EB-9735-43D5-A947-087EFE6AF6F8",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B17C76A-749C-44DA-8144-51E4328C4768",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0811DB-2E4D-4A14-8F87-2C24189D352A",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D91BDED-9BCF-473A-AB1B-824AA1EDE586",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E369B5A4-1F69-48C1-8C07-0E7C61683EDA",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "436B2EB8-6D93-41FF-BD6E-932D69C4E197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0176D45B-9007-4558-8D72-B56454EB9733",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F046097B-B818-4775-A53D-B22F258CB255",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD21D34-FBBD-4645-8C60-42825281D0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
},
{
"lang": "es",
"value": "Una CWE-863: Se presenta una vulnerabilidad de autorizaci\u00f3n incorrecta en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\u00f3n de seguridad) que podr\u00edan causar un acceso no autorizado cuando un usuario poco privilegiado realiza cambios no autorizados"
}
],
"id": "CVE-2020-7499",
"lastModified": "2024-11-21T05:37:15.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-16T20:15:14.770",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7500
Vulnerability from fkie_nvd - Published: 2020-06-16 20:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B3DF18-FE18-4465-8223-8AF2B286746D",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22E79A6F-C946-43A7-B492-7F3F8CFB18CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF40C8EB-9735-43D5-A947-087EFE6AF6F8",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B17C76A-749C-44DA-8144-51E4328C4768",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0811DB-2E4D-4A14-8F87-2C24189D352A",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D91BDED-9BCF-473A-AB1B-824AA1EDE586",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E369B5A4-1F69-48C1-8C07-0E7C61683EDA",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "436B2EB8-6D93-41FF-BD6E-932D69C4E197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0176D45B-9007-4558-8D72-B56454EB9733",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F046097B-B818-4775-A53D-B22F258CB255",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD21D34-FBBD-4645-8C60-42825281D0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
},
{
"lang": "es",
"value": "Una CWE-89: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de Elementos Especiales utilizados en un Comando SQL (\"SQL Injection\u0027\u0027) en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\u00f3n de seguridad) lo cual podr\u00edan causar una ejecuci\u00f3n de c\u00f3digo arbitraria cuando un comando malicioso es ingresado"
}
],
"id": "CVE-2020-7500",
"lastModified": "2024-11-21T05:37:16.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-16T20:15:14.863",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7500 (GCVE-0-2020-7500)
Vulnerability from cvelistv5 – Published: 2020-06-16 19:21 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | U.motion Servers and Touch Panels (affected versions listed in the security notification) |
Affected:
U.motion Servers and Touch Panels (affected versions listed in the security notification)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:21:54",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"version": {
"version_data": [
{
"version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7500",
"datePublished": "2020-06-16T19:21:54",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7499 (GCVE-0-2020-7499)
Vulnerability from cvelistv5 – Published: 2020-06-16 19:16 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | U.motion Servers and Touch Panels (affected versions listed in the security notification) |
Affected:
U.motion Servers and Touch Panels (affected versions listed in the security notification)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T12:20:51",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"version": {
"version_data": [
{
"version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7499",
"datePublished": "2020-06-16T19:16:53",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7500 (GCVE-0-2020-7500)
Vulnerability from nvd – Published: 2020-06-16 19:21 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.
Severity ?
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | U.motion Servers and Touch Panels (affected versions listed in the security notification) |
Affected:
U.motion Servers and Touch Panels (affected versions listed in the security notification)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:21:54",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"version": {
"version_data": [
{
"version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7500",
"datePublished": "2020-06-16T19:21:54",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7499 (GCVE-0-2020-7499)
Vulnerability from nvd – Published: 2020-06-16 19:16 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | U.motion Servers and Touch Panels (affected versions listed in the security notification) |
Affected:
U.motion Servers and Touch Panels (affected versions listed in the security notification)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T12:20:51",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
"version": {
"version_data": [
{
"version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7499",
"datePublished": "2020-06-16T19:16:53",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}