SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution

SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify...

The vulnerability of the microprogramming software of Schneider Electric’s Automation Servers SpaceLogic AS-P and SpaceLogic AS-B relates to the disclosure of information through registration files, allowing attackers to obtain SNMP credentials.

The vulnerability of the microprogramming software used in Schneider Electric’s Automation Servers SpaceLogic AS-P and SpaceLogic AS-B lies in the ability to disclose information through registration files. Exploiting this vulnerability can allow a malicious actor to obtain SNMP credentials...

The vulnerability of the microprogramming software of Schneider Electric’s Automation Servers SpaceLogic AS-P and SpaceLogic AS-B lies in synchronization errors when using common resources, allowing attackers to gain increased privileges.

The vulnerability of the microprogramming software of Schneider Electric’s Automation Servers SpaceLogic AS-P and SpaceLogic AS-B is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow attackers to increase their privileges...

Schneider Electric SpaceLogic AS-P/AS-B Log Message Disclosure Vulnerability

The Schneider Electric SpaceLogic AS-P is an automation server from Schneider Electric France. The Schneider Electric SpaceLogic AS-P/AS-B suffers from a log message disclosure vulnerability that can be exploited by an attacker to cause SNMP credentials to be exposed...

Schneider Electric SpaceLogic AS-P 日志信息泄露漏洞

The Schneider Electric SpaceLogic AS-P is an automation server from Schneider Electric France. The Schneider Electric SpaceLogic AS-P/AS-B suffers from a log message disclosure vulnerability that can be exploited by an attacker to cause SNMP credentials to be exposed...

Schneider Electric SpaceLogic AS-P Security Vulnerability

Schneider Electric SpaceLogic AS-P is an automation server from Schneider Electric France. A security vulnerability exists in Schneider Electric SpaceLogic AS-P V5.0.3 and earlier and SpaceLogic AS-B V5.0.3 and earlier, which stems from the presence of a competitive condition vulnerability that...

PT-2024-4202 · Schneider Electric · Spacelogic As-B

Name of the Vulnerable Software and Affected Versions: Schneider Electric SpaceLogic AS-P and SpaceLogic AS-B affected versions not specified Description: A Time-of-check Time-of-use TOCTOU Race Condition issue exists, potentially allowing an attacker to escalate privileges by abusing a limited...

PT-2024-4207 · Schneider Electric · Spacelogic As-B

Name of the Vulnerable Software and Affected Versions: Schneider Electric SpaceLogic AS-P and SpaceLogic AS-B affected versions not specified Description: The issue is related to the exposure of sensitive information, specifically SNMP credentials, through log files. This could allow a remote...

VulnCheck KEV: CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller 5200WHC2, formerly known as C-Bus Wiser Homer...

Schneider Electric SpaceLogic C-Bus Toolkit

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : SpaceLogic C-Bus Toolkit Vulnerabilities : Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

The software’s vulnerability in integrating the SpaceLogic system management system with the C-Bus SpaceLogic C-Bus Toolkit allows a intruder to execute arbitrary code. This vulnerability arises from the insecure handling of privileges, enabling the intruder to perform unauthorized actions.

The vulnerability of the SpaceLogic system integration software with the C-Bus SpaceLogic C-Bus Toolkit is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

The software’s vulnerability in integrating the SpaceLogic system management system with the C-Bus SpaceLogic C-Bus Toolkit allows unauthorized access to files by attackers, due to deficiencies in path name limitation.

The vulnerability of the SpaceLogic system integration software with the C-Bus SpaceLogic C-Bus Toolkit is related to deficiencies in path name limitation. Exploiting this vulnerability can allow an intruder to gain unauthorized access to files...

Schneider Electric SpaceLogic C-Bus Home Controller Security Vulnerability

The Schneider Electric SpaceLogic C-Bus Home Controller is a powerful, fully integrated system from Schneider Electric, France. It can control and automate lighting and many other electrical systems and products. A security vulnerability exists in the Schneider Electric SpaceLogic C-Bus Home...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

Authentication flaw

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller - LSS5500SHAC...

Schneider Electric C-Bus多款产品 授权问题漏洞

Schneider Electric C-Bus Home Automation is a series of bus-based home automation systems from French company Schneider Electric. An authorization issue vulnerability exists in various Schneider Electric C-Bus products, which stems from an improper authentication mechanism that allows an attacker...

CVE-2022-32514

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller - LSS5500SHAC...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

CVE-2022-32514

CVE-2022-32514 describes an improper authentication vulnerability that could let an attacker gain control of the device by logging into a web page. Affected products include Schneider Electric C‑Bus Network Automation Controller (LSS5500NAC), Wiser for C‑Bus Automation Controller (LSS5500SHAC), C...

CVE-2022-32514

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller - LSS5500SHAC...