CVE-2019-6838

MEDIUM

Description

An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file.

References

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01

Details

Source: MITRE

Published: 2019-09-17

Updated: 2019-09-18

Type: CWE-863

Risk Information

CVSS v2.0

Base Score: 5.5

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM