CVE-2019-6840
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-6840
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用外部控制的格式字符串
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Schneider Electric产品格式化字符串错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric MEG6501-0001等都是法国施耐德电气(Schneider Electric)公司的一套基于Web的可视化系统。该系统主要用于基于KNX的家庭和楼宇自动化。 多款Schneider Electric产品中存在格式化字符串错误漏洞。该漏洞源于网络系统或产品接收外部格式化字符串作为参数时,对参数类型、数量等过滤不严格。以下产品及版本受到影响:使用1.3.7之前版本固件的Schneider Electric MEG6501-0001;使用1.3.7之前版本固件的MEG
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Schneider Electric SE | U.motion Server | MEG6501-0001 - U.motion KNX server | - |
II. Public POCs for CVE-2019-6840
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-6840
请登录查看更多情报信息。
Same Patch Batch · Schneider Electric SE · 2019-09-17 · 13 CVEs total
| CVE-2019-6828 | 多款Schneider Electric产品安全漏洞 | |
| CVE-2019-6826 | Schneider Electric SoMachine HVAC 代码问题漏洞 | |
| CVE-2019-6811 | Schneider Electric Quantum 140 NOE771x1 代码问题漏洞 | |
| CVE-2019-6810 | Schneider Electric BMXNOR0200H Ethernet/Serial RTU module 安全漏洞 | |
| CVE-2019-6809 | 多款Schneider Electric产品安全漏洞 | |
| CVE-2018-7820 | Schneider Electric APC UPS Network Management Card 2 信任管理问题漏洞 | |
| CVE-2019-6829 | Schneider Electric Modicon M340和Modicon M580 安全漏洞 | |
| CVE-2019-6833 | 多款Schneider Electric产品代码问题漏洞 | |
| CVE-2019-6832 | Schneider Electric Wiser for KNX和spaceLYnk 授权问题漏洞 | |
| CVE-2019-6831 | Schneider Electric BMXNOR0200H Ethernet/Serial RTU module 代码问题漏洞 | |
| CVE-2019-6830 | Schneider Electric Modicon M580 安全漏洞 | |
| CVE-2019-6835 | 多款Schneider Electric产品跨站脚本漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-134
- CVE-2026-44407
Remote Denial of Service Vulnerability Exists in ZTE Cloud P - CVE-2026-6539
Notepad++ 8.9.3 Format String Injection via nativeLang.xml - CVE-2026-6843
Nano: nano: format string vulnerability leads to denial of s - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2026-33210
Ruby JSON has a format string injection vulnerability
V. Comments for CVE-2019-6840
No comments yet