VulnCheck KEV: CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer...

Schneider Electric SpaceLogic C-Bus Toolkit

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : SpaceLogic C-Bus Toolkit Vulnerabilities : Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

Authentication flaw

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller - LSS5500SHAC...

CVE-2022-32514

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller - LSS5500SHAC...

CVE-2022-32514

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller - LSS5500SHAC...

CVE-2022-32514

CVE-2022-32514 describes an improper authentication vulnerability that could let an attacker gain control of the device by logging into a web page. Affected products include Schneider Electric C‑Bus Network Automation Controller (LSS5500NAC), Wiser for C‑Bus Automation Controller (LSS5500SHAC), C...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com https://www.se.com/ww/en/product/5200WHC2/home-controller-spacelogic-cbus-cbus-ip-free-standing-24v-dc/...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

Summary SpaceLogic C-Bus Home Automation System Lighting control and automation solutions for buildings of the future, part of SpaceLogic. SpaceLogic C-Bus is a powerful, fully integrated system that can control and automate lighting and many other electrical systems and products. The SpaceLogic...

CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...

CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...

Command injection

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...

CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...

CVE-2022-34753

CVE-2022-34753 affects Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2), formerly C-Bus Wiser Home Controller MK2, up to version 1.31.460 (firmware 604). The vulnerability is an authenticated OS command injection vulnerability that allows remote root execution when a crafted command...

Schneider Electric SpaceLogic C-Bus Home Controller 操作系统命令注入漏洞

The Schneider Electric SpaceLogic C-Bus Home Controller is a powerful, fully integrated system from Schneider Electric, France. It can control and automate lighting and many other electrical systems and products. An operating system command injection vulnerability exists in Schneider Electric...

CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer Controlle...

The vulnerabilities of Schneider Electric’s automation controllers with microprogrammed software, such as C-Bus (LSS5500NAC), Wiser for C-Bus (LSS5500SHAC), Clipsal C-Bus (5500NAC), Clipsal Wiser for C-Bus (5500SHAC), and SpaceLogic C-Bus (5500NAC2), SpaceLogic C-Bus (5500AC2), are related to errors during authentication procedures. These vulnerabilities allow attackers to gain full access to the devices.

The vulnerabilities of Schneider Electric’s automation controllers—C-Bus LSS5500NAC, Wiser for C-Bus LSS5500SHAC, Clipsal C-Bus 5500NAC, Clipsal Wiser for C-Bus 5500SHAC, and SpaceLogic C-Bus 5500NAC2, 5500AC2—are related to authentication process errors. Exploiting these vulnerabilities can allo...

The vulnerabilities of Schneider Electric’s automation controllers with microprogrammed software, such as C-Bus (LSS5500NAC), Wiser for C-Bus (LSS5500SHAC), Clipsal C-Bus (5500NAC), Clipsal Wiser for C-Bus (5500SHAC), and SpaceLogic C-Bus (5500NAC2), are related to weak password requirements. This allows attackers to gain full access to the devices.

The vulnerabilities of Schneider Electric’s automation controllers with microprogrammed software, such as C-Bus LSS5500NAC, Wiser for C-Bus LSS5500SHAC, Clipsal C-Bus 5500NAC, Clipsal Wiser for C-Bus 5500SHAC, and SpaceLogic C-Bus 5500NAC2, 5500AC2, are related to weak password requirements...