CVE-2019-6832
https://notcve.org/view.php?id=CVE-2019-6832
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. A CWE-287: Se presenta vulnerabilidad de Autenticación en spaceLYnk (todas las versiones anteriores a 2.4.0) y Wiser for KNX (todas las versiones anteriores a 2.4.0 - anteriormente conocido como homeLYnk), lo que podría causar la pérdida de control cuando un atacante omite la autenticación. • https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07 • CWE-287: Improper Authentication •
CVE-2017-7689
https://notcve.org/view.php?id=CVE-2017-7689
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. Existe una vulnerabilidad de Command Injection en Schneider Electric. El controlador HOMELYnk existe en todas las versiones anteriores a 1.5.0. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-052-02 http://www.securityfocus.com/bid/97585 https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01A • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2017-5157
https://notcve.org/view.php?id=CVE-2017-5157
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. Ha sido descubierto un problema en Schneider Electric homeLYnk Controller, LSS100100, todas las versiones anteriores a V1.5.0. El controlador homeLYnk es susceptible a un ataque de secuencias de comandos en sitios cruzados. • http://www.securityfocus.com/bid/95665 https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •