CVE-2019-6838

MEDIUM

Description

An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file.

References

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01

Details

Source: MITRE

Published: 2019-09-17

Updated: 2019-10-09

Type: CWE-863

Risk Information

CVSS v2.0

Base Score: 5.5

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM