cvelistv5 - cve-2020-7500

CVE-2020-7500 (GCVE-0-2020-7500)

Vulnerability from cvelistv5 – Published: 2020-06-16 19:21 – Updated: 2024-08-04 09:33

Summary

A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.

Severity ?

No CVSS data available.

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

schneider

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	U.motion Servers and Touch Panels (affected versions listed in the security notification)	Affected: U.motion Servers and Touch Panels (affected versions listed in the security notification)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T19:21:54",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7500",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7500",
    "datePublished": "2020-06-16T19:21:54",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"B0B3DF18-FE18-4465-8223-8AF2B286746D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22E79A6F-C946-43A7-B492-7F3F8CFB18CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"CF40C8EB-9735-43D5-A947-087EFE6AF6F8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B17C76A-749C-44DA-8144-51E4328C4768\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"AB0811DB-2E4D-4A14-8F87-2C24189D352A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D91BDED-9BCF-473A-AB1B-824AA1EDE586\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"E369B5A4-1F69-48C1-8C07-0E7C61683EDA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"436B2EB8-6D93-41FF-BD6E-932D69C4E197\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"0176D45B-9007-4558-8D72-B56454EB9733\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F046097B-B818-4775-A53D-B22F258CB255\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DD21D34-FBBD-4645-8C60-42825281D0FE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.\"}, {\"lang\": \"es\", \"value\": \"Una CWE-89: Se presenta una vulnerabilidad de Neutralizaci\\u00f3n Inapropiada de Elementos Especiales utilizados en un Comando SQL (\\\"SQL Injection\u0027\u0027) en U.motion Servers and Touch Panels  (versiones afectadas listadas en la notificaci\\u00f3n de seguridad) lo cual podr\\u00edan causar una ejecuci\\u00f3n de c\\u00f3digo arbitraria cuando un comando malicioso es ingresado\"}]",
      "id": "CVE-2020-7500",
      "lastModified": "2024-11-21T05:37:16.007",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-16T20:15:14.863",
      "references": "[{\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7500\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2020-06-16T20:15:14.863\",\"lastModified\":\"2024-11-21T05:37:16.007\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.\"},{\"lang\":\"es\",\"value\":\"Una CWE-89: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de Elementos Especiales utilizados en un Comando SQL (\\\"SQL Injection\u0027\u0027) en U.motion Servers and Touch Panels  (versiones afectadas listadas en la notificaci\u00f3n de seguridad) lo cual podr\u00edan causar una ejecuci\u00f3n de c\u00f3digo arbitraria cuando un comando malicioso es ingresado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"B0B3DF18-FE18-4465-8223-8AF2B286746D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22E79A6F-C946-43A7-B492-7F3F8CFB18CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"CF40C8EB-9735-43D5-A947-087EFE6AF6F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B17C76A-749C-44DA-8144-51E4328C4768\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"AB0811DB-2E4D-4A14-8F87-2C24189D352A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D91BDED-9BCF-473A-AB1B-824AA1EDE586\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"E369B5A4-1F69-48C1-8C07-0E7C61683EDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"436B2EB8-6D93-41FF-BD6E-932D69C4E197\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"0176D45B-9007-4558-8D72-B56454EB9733\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F046097B-B818-4775-A53D-B22F258CB255\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DD21D34-FBBD-4645-8C60-42825281D0FE\"}]}]}],\"references\":[{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-133-03/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MTN6501-0001 – U.motion – KNX Server versions antérieures à 1.4.2
Schneider Electric	N/A	Vijeo Designer versions V6.2 SP9 et antérieures
Schneider Electric	N/A	MTN6260-0310 – U.Motion KNX Client Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6501-0002 – U.Motion – KNX Server Plus versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0410 – U.Motion KNX server Plus, Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0415 – U.Motion KNX server Plus, Touch 15 versions antérieures à 1.4.2
Schneider Electric	N/A	GP-Pro EX versions antérieures à V4.09.120
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.1 HotFix 17
Schneider Electric	N/A	MTN6260-0315 – U.Motion KNX Client Touch 15 versions antérieures à 1.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2020-133-02 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-03 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-01 du 12 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MTN6501-0001 \u2013 U.motion \u2013 KNX Server versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions V6.2 SP9 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0310 \u2013 U.Motion KNX Client Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6501-0002 \u2013 U.Motion \u2013 KNX Server Plus versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0410 \u2013 U.Motion KNX server Plus, Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0415 \u2013 U.Motion KNX server Plus, Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.1 HotFix 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0315 \u2013 U.Motion KNX Client Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7500"
    },
    {
      "name": "CVE-2020-7492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7492"
    },
    {
      "name": "CVE-2020-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7499"
    },
    {
      "name": "CVE-2020-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7501"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-02 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-02_Vijeo_Designer_and_Vijeo_Designer_Basic_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-03 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-03_U.motion_Servers_and_Touch_Panels_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-01 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-01_Pro-face_GP-ProEX_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-01"
    }
  ]
}

CERTFR-2020-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MTN6501-0001 – U.motion – KNX Server versions antérieures à 1.4.2
Schneider Electric	N/A	Vijeo Designer versions V6.2 SP9 et antérieures
Schneider Electric	N/A	MTN6260-0310 – U.Motion KNX Client Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6501-0002 – U.Motion – KNX Server Plus versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0410 – U.Motion KNX server Plus, Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0415 – U.Motion KNX server Plus, Touch 15 versions antérieures à 1.4.2
Schneider Electric	N/A	GP-Pro EX versions antérieures à V4.09.120
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.1 HotFix 17
Schneider Electric	N/A	MTN6260-0315 – U.Motion KNX Client Touch 15 versions antérieures à 1.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2020-133-02 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-03 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-01 du 12 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MTN6501-0001 \u2013 U.motion \u2013 KNX Server versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions V6.2 SP9 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0310 \u2013 U.Motion KNX Client Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6501-0002 \u2013 U.Motion \u2013 KNX Server Plus versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0410 \u2013 U.Motion KNX server Plus, Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0415 \u2013 U.Motion KNX server Plus, Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.1 HotFix 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0315 \u2013 U.Motion KNX Client Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7500"
    },
    {
      "name": "CVE-2020-7492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7492"
    },
    {
      "name": "CVE-2020-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7499"
    },
    {
      "name": "CVE-2020-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7501"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-02 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-02_Vijeo_Designer_and_Vijeo_Designer_Basic_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-03 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-03_U.motion_Servers_and_Touch_Panels_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-01 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-01_Pro-face_GP-ProEX_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-01"
    }
  ]
}

FKIE_CVE-2020-7500

Vulnerability from fkie_nvd - Published: 2020-06-16 20:15 - Updated: 2024-11-21 05:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2020-133-03/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2020-133-03/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	mtn6501-0001_firmware	*
schneider-electric	mtn6501-0001	-
schneider-electric	mtn6501-0002_firmware	*
schneider-electric	mtn6501-0002	-
schneider-electric	mtn6260-0410_firmware	*
schneider-electric	mtn6260-0410	-
schneider-electric	mtn6260-0415_firmware	*
schneider-electric	mtn6260-0415	-
schneider-electric	mtn6260-0310_firmware	*
schneider-electric	mtn6260-0310	-
schneider-electric	mtn6260-0315_firmware	*
schneider-electric	mtn6260-0315	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B3DF18-FE18-4465-8223-8AF2B286746D",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E79A6F-C946-43A7-B492-7F3F8CFB18CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF40C8EB-9735-43D5-A947-087EFE6AF6F8",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B17C76A-749C-44DA-8144-51E4328C4768",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0811DB-2E4D-4A14-8F87-2C24189D352A",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D91BDED-9BCF-473A-AB1B-824AA1EDE586",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E369B5A4-1F69-48C1-8C07-0E7C61683EDA",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "436B2EB8-6D93-41FF-BD6E-932D69C4E197",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0176D45B-9007-4558-8D72-B56454EB9733",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F046097B-B818-4775-A53D-B22F258CB255",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DD21D34-FBBD-4645-8C60-42825281D0FE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
    },
    {
      "lang": "es",
      "value": "Una CWE-89: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de Elementos Especiales utilizados en un Comando SQL (\"SQL Injection\u0027\u0027) en U.motion Servers and Touch Panels  (versiones afectadas listadas en la notificaci\u00f3n de seguridad) lo cual podr\u00edan causar una ejecuci\u00f3n de c\u00f3digo arbitraria cuando un comando malicioso es ingresado"
    }
  ],
  "id": "CVE-2020-7500",
  "lastModified": "2024-11-21T05:37:16.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-16T20:15:14.863",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-7500

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7500

Aliases

CVE-2020-7500

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7500",
    "description": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.",
    "id": "GSD-2020-7500"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7500"
      ],
      "details": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.",
      "id": "GSD-2020-7500",
      "modified": "2023-12-13T01:21:52.026928Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2020-7500",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) "
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
            "refsource": "MISC",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7500"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-01-31T20:07Z",
      "publishedDate": "2020-06-16T20:15Z"
    }
  }
}

GHSA-PVQ3-JWGR-P6QW

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-16T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.",
  "id": "GHSA-pvq3-jwgr-p6qw",
  "modified": "2022-05-24T17:20:39Z",
  "published": "2022-05-24T17:20:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7500"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7500 (GCVE-0-2020-7500)

CERTFR-2020-AVI-280

Solution

CERTFR-2020-AVI-280

Solution

FKIE_CVE-2020-7500

GSD-2020-7500

GHSA-PVQ3-JWGR-P6QW

Tags

Sightings

Nomenclature