CVE-2021-22732

Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server...

CVE-2021-22806

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk V2.6.1 and prior, Wiser for KNX V2.6.1 and prior, fellerLYnk V2.6.1 and prior...

CVE-2021-22806

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk V2.6.1 and prior, Wiser for KNX V2.6.1 and prior, fellerLYnk V2.6.1 and prior...

Schneider Electric 多款产品安全漏洞

Schneider Electric spaceLYnk and Wiser for KNX are both products of Schneider Electric, a French company. spaceLYnk is a programmable logic controller. wiser for KNX is a home automation control system. A security vulnerability exists in several Schneider Electric products that originates from...

CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

CVE-2022-22810

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...

CVE-2022-22811

A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...

PT-2022-6546 · Unknown +1 · Wiser For Knx +2

Name of the Vulnerable Software and Affected Versions: spaceLYnk versions 2.6.2 and prior Wiser for KNX formerly homeLYnk versions 2.6.2 and prior fellerLYnk versions 2.6.2 and prior Description: A Missing Authentication for Critical Function issue exists, allowing unauthorized modifications to...

spaceLYnk 跨站脚本漏洞

The Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric France. The spaceLYnk suffers from a cross-site scripting vulnerability that originated when an attacker could use the vulnerability to inject and execute arbitrary malicious JavaScript code in the target...

spaceLYnk 跨站请求伪造漏洞

Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric, France. spaceLYnk suffers from a cross-site request forgery vulnerability that stems from the presence of a CWE-352:Cross-Site Request Forgery CSRF vulnerability, which could entice a user to perform an...

Schneider Electric 多款产品安全漏洞

Schneider Electric spaceLYnk and others are products of Schneider Electric, a French company. spaceLYnk is a programmable logic controller. homeLYnk is a home automation specialist. fellerLYnk is a logic controller. Schneider Electric A security vulnerability exists in several Schneider Electric...

Schneider Electric spaceLYnk 访问控制错误漏洞

The Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric France. An access control error vulnerability exists in the Schneider Electric spaceLYnk that originates when an attacker can exploit the vulnerability to attempt to modify the touch configuration, which...

PT-2022-6504 · Unknown +1 · Wiser For Knx +2

Name of the Vulnerable Software and Affected Versions: spaceLYnk versions 2.6.2 and prior Wiser for KNX formerly homeLYnk versions 2.6.2 and prior fellerLYnk versions 2.6.2 and prior Description: A Cross-Site Request Forgery CSRF issue exists that could induce users to perform unintended actions,...

CVE-2021-22737

Insufficiently Protected Credentials vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack...

CVE-2021-22734

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code...

CVE-2021-22735

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device...

CVE-2021-22739

Information Exposure vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured...

CVE-2021-22738

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack...

CVE-2021-22736

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded...