CVE-2019-6836

An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file.

Source: CVE-2019-6836

CVE-2019-6833

A CWE-754 ? Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of – HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.

Source: CVE-2019-6833

CVE-2019-6835

A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.

Source: CVE-2019-6835

CVE-2019-6831

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.

Source: CVE-2019-6831

CVE-2019-6830

A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.

Source: CVE-2019-6830

CVE-2019-6828

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.

Source: CVE-2019-6828

CVE-2019-6826

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

Source: CVE-2019-6826

CVE-2019-6813

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.

Source: CVE-2019-6813

CVE-2019-6832

A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 – formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.

Source: CVE-2019-6832

CVE-2019-13538

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.15.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.

Source: CVE-2019-13538