cvelistv5 - CVE-2020-7499

CVE-2020-7499 (GCVE-0-2020-7499)

Vulnerability from cvelistv5 – Published: 2020-06-16 19:16 – Updated: 2024-08-04 09:33

Summary

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.

Severity ?

No CVSS data available.

CWE

CWE-863 - Incorrect Authorization

Assigner

schneider

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	U.motion Servers and Touch Panels (affected versions listed in the security notification)	Affected: U.motion Servers and Touch Panels (affected versions listed in the security notification)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-19T12:20:51",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863: Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7499",
    "datePublished": "2020-06-16T19:16:53",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"B0B3DF18-FE18-4465-8223-8AF2B286746D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22E79A6F-C946-43A7-B492-7F3F8CFB18CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"CF40C8EB-9735-43D5-A947-087EFE6AF6F8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B17C76A-749C-44DA-8144-51E4328C4768\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"AB0811DB-2E4D-4A14-8F87-2C24189D352A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D91BDED-9BCF-473A-AB1B-824AA1EDE586\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"E369B5A4-1F69-48C1-8C07-0E7C61683EDA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"436B2EB8-6D93-41FF-BD6E-932D69C4E197\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"0176D45B-9007-4558-8D72-B56454EB9733\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F046097B-B818-4775-A53D-B22F258CB255\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DD21D34-FBBD-4645-8C60-42825281D0FE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.\"}, {\"lang\": \"es\", \"value\": \"Una CWE-863: Se presenta una vulnerabilidad de autorizaci\\u00f3n incorrecta en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\\u00f3n de seguridad) que podr\\u00edan causar un acceso no autorizado cuando un usuario poco privilegiado realiza cambios no autorizados\"}]",
      "id": "CVE-2020-7499",
      "lastModified": "2024-11-21T05:37:15.883",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-16T20:15:14.770",
      "references": "[{\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7499\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2020-06-16T20:15:14.770\",\"lastModified\":\"2024-11-21T05:37:15.883\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.\"},{\"lang\":\"es\",\"value\":\"Una CWE-863: Se presenta una vulnerabilidad de autorizaci\u00f3n incorrecta en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\u00f3n de seguridad) que podr\u00edan causar un acceso no autorizado cuando un usuario poco privilegiado realiza cambios no autorizados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"B0B3DF18-FE18-4465-8223-8AF2B286746D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22E79A6F-C946-43A7-B492-7F3F8CFB18CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"CF40C8EB-9735-43D5-A947-087EFE6AF6F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B17C76A-749C-44DA-8144-51E4328C4768\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"AB0811DB-2E4D-4A14-8F87-2C24189D352A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D91BDED-9BCF-473A-AB1B-824AA1EDE586\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"E369B5A4-1F69-48C1-8C07-0E7C61683EDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"436B2EB8-6D93-41FF-BD6E-932D69C4E197\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"0176D45B-9007-4558-8D72-B56454EB9733\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F046097B-B818-4775-A53D-B22F258CB255\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DD21D34-FBBD-4645-8C60-42825281D0FE\"}]}]}],\"references\":[{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MTN6501-0001 – U.motion – KNX Server versions antérieures à 1.4.2
Schneider Electric	N/A	Vijeo Designer versions V6.2 SP9 et antérieures
Schneider Electric	N/A	MTN6260-0310 – U.Motion KNX Client Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6501-0002 – U.Motion – KNX Server Plus versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0410 – U.Motion KNX server Plus, Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0415 – U.Motion KNX server Plus, Touch 15 versions antérieures à 1.4.2
Schneider Electric	N/A	GP-Pro EX versions antérieures à V4.09.120
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.1 HotFix 17
Schneider Electric	N/A	MTN6260-0315 – U.Motion KNX Client Touch 15 versions antérieures à 1.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2020-133-02 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-03 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-01 du 12 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MTN6501-0001 \u2013 U.motion \u2013 KNX Server versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions V6.2 SP9 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0310 \u2013 U.Motion KNX Client Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6501-0002 \u2013 U.Motion \u2013 KNX Server Plus versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0410 \u2013 U.Motion KNX server Plus, Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0415 \u2013 U.Motion KNX server Plus, Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.1 HotFix 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0315 \u2013 U.Motion KNX Client Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7500"
    },
    {
      "name": "CVE-2020-7492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7492"
    },
    {
      "name": "CVE-2020-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7499"
    },
    {
      "name": "CVE-2020-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7501"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-02 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-02_Vijeo_Designer_and_Vijeo_Designer_Basic_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-03 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-03_U.motion_Servers_and_Touch_Panels_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-01 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-01_Pro-face_GP-ProEX_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-01"
    }
  ]
}

CERTFR-2020-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MTN6501-0001 – U.motion – KNX Server versions antérieures à 1.4.2
Schneider Electric	N/A	Vijeo Designer versions V6.2 SP9 et antérieures
Schneider Electric	N/A	MTN6260-0310 – U.Motion KNX Client Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6501-0002 – U.Motion – KNX Server Plus versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0410 – U.Motion KNX server Plus, Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0415 – U.Motion KNX server Plus, Touch 15 versions antérieures à 1.4.2
Schneider Electric	N/A	GP-Pro EX versions antérieures à V4.09.120
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.1 HotFix 17
Schneider Electric	N/A	MTN6260-0315 – U.Motion KNX Client Touch 15 versions antérieures à 1.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2020-133-02 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-03 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-01 du 12 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MTN6501-0001 \u2013 U.motion \u2013 KNX Server versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions V6.2 SP9 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0310 \u2013 U.Motion KNX Client Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6501-0002 \u2013 U.Motion \u2013 KNX Server Plus versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0410 \u2013 U.Motion KNX server Plus, Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0415 \u2013 U.Motion KNX server Plus, Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.1 HotFix 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0315 \u2013 U.Motion KNX Client Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7500"
    },
    {
      "name": "CVE-2020-7492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7492"
    },
    {
      "name": "CVE-2020-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7499"
    },
    {
      "name": "CVE-2020-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7501"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-02 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-02_Vijeo_Designer_and_Vijeo_Designer_Basic_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-03 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-03_U.motion_Servers_and_Touch_Panels_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-01 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-01_Pro-face_GP-ProEX_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-01"
    }
  ]
}

GSD-2020-7499

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7499

Aliases

CVE-2020-7499

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7499",
    "description": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.",
    "id": "GSD-2020-7499"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7499"
      ],
      "details": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.",
      "id": "GSD-2020-7499",
      "modified": "2023-12-13T01:21:51.935794Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2020-7499",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-863: Incorrect Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
            "refsource": "MISC",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7499"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-03T14:25Z",
      "publishedDate": "2020-06-16T20:15Z"
    }
  }
}

GHSA-GRG5-9RJQ-MRF9

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20

Details

A CWE-284:Improper Access Control vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-16T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-284:Improper Access Control vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.",
  "id": "GHSA-grg5-9rjq-mrf9",
  "modified": "2022-05-24T17:20:39Z",
  "published": "2022-05-24T17:20:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7499"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-7499

Vulnerability from fkie_nvd - Published: 2020-06-16 20:15 - Updated: 2024-11-21 05:37

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2020-133-03/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2020-133-03/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	mtn6501-0001_firmware	*
schneider-electric	mtn6501-0001	-
schneider-electric	mtn6501-0002_firmware	*
schneider-electric	mtn6501-0002	-
schneider-electric	mtn6260-0410_firmware	*
schneider-electric	mtn6260-0410	-
schneider-electric	mtn6260-0415_firmware	*
schneider-electric	mtn6260-0415	-
schneider-electric	mtn6260-0310_firmware	*
schneider-electric	mtn6260-0310	-
schneider-electric	mtn6260-0315_firmware	*
schneider-electric	mtn6260-0315	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B3DF18-FE18-4465-8223-8AF2B286746D",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E79A6F-C946-43A7-B492-7F3F8CFB18CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF40C8EB-9735-43D5-A947-087EFE6AF6F8",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B17C76A-749C-44DA-8144-51E4328C4768",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0811DB-2E4D-4A14-8F87-2C24189D352A",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D91BDED-9BCF-473A-AB1B-824AA1EDE586",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E369B5A4-1F69-48C1-8C07-0E7C61683EDA",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "436B2EB8-6D93-41FF-BD6E-932D69C4E197",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0176D45B-9007-4558-8D72-B56454EB9733",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F046097B-B818-4775-A53D-B22F258CB255",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DD21D34-FBBD-4645-8C60-42825281D0FE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
    },
    {
      "lang": "es",
      "value": "Una CWE-863: Se presenta una vulnerabilidad de autorizaci\u00f3n incorrecta en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\u00f3n de seguridad) que podr\u00edan causar un acceso no autorizado cuando un usuario poco privilegiado realiza cambios no autorizados"
    }
  ],
  "id": "CVE-2020-7499",
  "lastModified": "2024-11-21T05:37:15.883",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-16T20:15:14.770",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7499 (GCVE-0-2020-7499)

CERTFR-2020-AVI-280

Solution

CERTFR-2020-AVI-280

Solution

GSD-2020-7499

GHSA-GRG5-9RJQ-MRF9

FKIE_CVE-2020-7499

Tags

Sightings

Nomenclature