CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22806
https://notcve.org/view.php?id=CVE-2021-22806
11 Feb 2022 — A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) Una CWE-669: Se presenta una vulnerabilidad de Transferencia Incorrecta de Recursos entre Esferas que podría causar una exfiltración de datos y el acceso no autorizado cuando es accedido a un sitio web malicioso. Producto afectad... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22812
https://notcve.org/view.php?id=CVE-2022-22812
09 Feb 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-79: Se presenta una vulnerabilidad de Neutralización Inadecuada de Entradas Durante la Generación de Páginas... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22811
https://notcve.org/view.php?id=CVE-2022-22811
09 Feb 2022 — A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-352: Se presenta una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) que podría inducir a usuarios a llevar a cabo acciones no ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22810
https://notcve.org/view.php?id=CVE-2022-22810
09 Feb 2022 — A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-307: Se presenta una vulnerabilidad de Restricción Inapropiada de los Intentos de Autenticación Excesivos que podría permitir a un atacante manipular al administrador tras numeroso... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22809
https://notcve.org/view.php?id=CVE-2022-22809
09 Feb 2022 — A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-306: Se presenta una vulnerabilidad de Falta de Autenticación para la Función Crítica que podría permitir una modificación de las configuraciones tá... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-306: Missing Authentication for Critical Function •