CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22806
https://notcve.org/view.php?id=CVE-2021-22806
11 Feb 2022 — A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) Una CWE-669: Se presenta una vulnerabilidad de Transferencia Incorrecta de Recursos entre Esferas que podría causar una exfiltración de datos y el acceso no autorizado cuando es accedido a un sitio web malicioso. Producto afectad... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22812
https://notcve.org/view.php?id=CVE-2022-22812
09 Feb 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-79: Se presenta una vulnerabilidad de Neutralización Inadecuada de Entradas Durante la Generación de Páginas... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22811
https://notcve.org/view.php?id=CVE-2022-22811
09 Feb 2022 — A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-352: Se presenta una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) que podría inducir a usuarios a llevar a cabo acciones no ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22810
https://notcve.org/view.php?id=CVE-2022-22810
09 Feb 2022 — A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-307: Se presenta una vulnerabilidad de Restricción Inapropiada de los Intentos de Autenticación Excesivos que podría permitir a un atacante manipular al administrador tras numeroso... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22809
https://notcve.org/view.php?id=CVE-2022-22809
09 Feb 2022 — A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-306: Se presenta una vulnerabilidad de Falta de Autenticación para la Función Crítica que podría permitir una modificación de las configuraciones tá... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22740
https://notcve.org/view.php?id=CVE-2021-22740
26 May 2021 — Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. Se presenta una vulnerabilidad de Exposición de Información en homeLYnk (Wiser For KNX) y spaceLYnk versiones V2.60 y anteriores, que podría causar que la información sea expuesta cuando un archivo no autorizado es cargado • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22739
https://notcve.org/view.php?id=CVE-2021-22739
26 May 2021 — Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured. Se presenta una vulnerabilidad de Exposición de Información en homeLYnk (Wiser For KNX) y spaceLYnk versiones V2.60 y anteriores, que podría causar que un dispositivo sea comprometido cuando se configura por primera vez • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22738
https://notcve.org/view.php?id=CVE-2021-22738
26 May 2021 — Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. Se presenta una vulnerabilidad de uso de Algoritmo Criptográfico Roto o Riesgoso en homeLYnk (Wiser para KNX) y spaceLYnk versiones V2.60 y anteriores, que podría causar un acceso no autorizaado cuando las credenciales son descubiertas después de un ataque de fuerza bruta • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22736
https://notcve.org/view.php?id=CVE-2021-22736
26 May 2021 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded. Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en homeLYnk (Wiser para KNX) y spaceLYnk versiones V2.60 y anteriores, que podría causar una denegación de servicio cuando un archivo no autorizado es ca... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22735
https://notcve.org/view.php?id=CVE-2021-22735
26 May 2021 — Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device. Se presenta una vulnerabilidad de Comprobación Inapropiada de la Firma Criptográfica en homeLYnk (Wiser For KNX) y spaceLYnk versiones V2.60 y anteriores, que podría permitir una ejecución de código remota cuando un código no autorizado es copiado en el dispositivo • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04 • CWE-347: Improper Verification of Cryptographic Signature •