CVE-2017-7689
https://notcve.org/view.php?id=CVE-2017-7689
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. Existe una vulnerabilidad de Command Injection en Schneider Electric. El controlador HOMELYnk existe en todas las versiones anteriores a 1.5.0. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-052-02 http://www.securityfocus.com/bid/97585 https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01A • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2017-5157
https://notcve.org/view.php?id=CVE-2017-5157
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. Ha sido descubierto un problema en Schneider Electric homeLYnk Controller, LSS100100, todas las versiones anteriores a V1.5.0. El controlador homeLYnk es susceptible a un ataque de secuencias de comandos en sitios cruzados. • http://www.securityfocus.com/bid/95665 https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •