Lucene search
+L

154 matches found

cnnvd
cnnvd
added 2022/02/11 12:0 a.m.5 views

Schneider Electric 多款产品安全漏洞

Schneider Electric spaceLYnk and Wiser for KNX are both products of Schneider Electric, a French company. spaceLYnk is a programmable logic controller. wiser for KNX is a home automation control system. A security vulnerability exists in several Schneider Electric products that originates from...

7.5CVSS7.3AI score0.00954EPSS
Exploits0References2
osv
osv
added 2022/02/09 11:15 p.m.5 views

CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...

5.3CVSS5.8AI score0.00778EPSS
Exploits0References1
nvd
nvd
added 2022/02/09 11:15 p.m.22 views

CVE-2022-22811

A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...

8.8CVSS0.00406EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/02/09 11:15 p.m.7 views

CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...

5.3CVSS6.1AI score0.00778EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/02/09 11:15 p.m.6 views

CVE-2022-22811

A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...

8.8CVSS7.2AI score0.00406EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/02/09 11:15 p.m.6 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS6.6AI score0.00604EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/02/09 11:15 p.m.6 views

CVE-2022-22810

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...

9.8CVSS7.3AI score0.01091EPSS
Exploits0References2
nvd
nvd
added 2022/02/09 11:15 p.m.26 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS0.00604EPSS
Exploits0References1
osv
osv
added 2022/02/09 11:15 p.m.4 views

CVE-2022-22810

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...

9.8CVSS7.3AI score0.01091EPSS
Exploits0References1
osv
osv
added 2022/02/09 11:15 p.m.4 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS5.9AI score0.00604EPSS
Exploits0References1
osv
osv
added 2022/02/09 11:15 p.m.5 views

CVE-2022-22811

A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...

8.1CVSS7.3AI score0.00406EPSS
Exploits0References1
prion
prion
added 2022/02/09 11:15 p.m.20 views

Authentication flaw

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...

5CVSS9.4AI score0.01091EPSS
Exploits0References1Affected Software3
prion
prion
added 2022/02/09 11:15 p.m.22 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

4.3CVSS6.4AI score0.00604EPSS
Exploits0References1Affected Software3
prion
prion
added 2022/02/09 11:15 p.m.18 views

Cross site request forgery (csrf)

A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system?s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...

8.8CVSS8.1AI score0.00406EPSS
Exploits0References1Affected Software3
cve
cve
added 2022/02/09 10:5 p.m.75 views

CVE-2022-22812

CVE-2022-22812 is a Cross-site Scripting (CWE-79) vulnerability affecting spaceLYnk, Wiser for KNX (formerly homeLYnk), and fellerLYnk up to v2.6.2. The root cause is improper neutralization of input during web page generation, allowing an attacker to inject and execute arbitrary JavaScript in th...

6.1CVSS6.4AI score0.00604EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/02/09 10:5 p.m.32 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.7AI score0.00604EPSS
Exploits0References1
cve
cve
added 2022/02/09 10:5 p.m.78 views

CVE-2022-22811

CVE-2022-22811 describes a Cross‑Site Request Forgery (CSRF) in spaceLYnk (2.6.2 and earlier), Wiser for KNX (formerly homeLYnk) (2.6.2 and earlier), and fellerLYnk (2.6.2 and earlier). The issue could cause users to perform unintended actions, potentially overriding system configurations when a ...

8.8CVSS8.1AI score0.00406EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/02/09 10:5 p.m.24 views

CVE-2022-22811

A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...

8.3AI score0.00406EPSS
Exploits0References1
cve
cve
added 2022/02/09 10:5 p.m.80 views

CVE-2022-22810

CVE-2022-22810 is a CWE-307 vulnerability affecting Schneider Electric products SpaceLYnk (v2.6.2 and earlier), Wiser for KNX (formerly homeLYnk, v2.6.2 and earlier), and fellerLYnk (v2.6.2 and earlier). The issue is an improper restriction of excessive authentication attempts, enabling an attack...

9.8CVSS9.3AI score0.01091EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/02/09 10:5 p.m.22 views

CVE-2022-22810

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...

9.6AI score0.01091EPSS
Exploits0References1
Rows per page
Query Builder