CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22806
https://notcve.org/view.php?id=CVE-2021-22806
11 Feb 2022 — A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) Una CWE-669: Se presenta una vulnerabilidad de Transferencia Incorrecta de Recursos entre Esferas que podría causar una exfiltración de datos y el acceso no autorizado cuando es accedido a un sitio web malicioso. Producto afectad... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22812
https://notcve.org/view.php?id=CVE-2022-22812
09 Feb 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-79: Se presenta una vulnerabilidad de Neutralización Inadecuada de Entradas Durante la Generación de Páginas... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22811
https://notcve.org/view.php?id=CVE-2022-22811
09 Feb 2022 — A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-352: Se presenta una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) que podría inducir a usuarios a llevar a cabo acciones no ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22810
https://notcve.org/view.php?id=CVE-2022-22810
09 Feb 2022 — A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-307: Se presenta una vulnerabilidad de Restricción Inapropiada de los Intentos de Autenticación Excesivos que podría permitir a un atacante manipular al administrador tras numeroso... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22809
https://notcve.org/view.php?id=CVE-2022-22809
09 Feb 2022 — A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) Una CWE-306: Se presenta una vulnerabilidad de Falta de Autenticación para la Función Crítica que podría permitir una modificación de las configuraciones tá... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-7525
https://notcve.org/view.php?id=CVE-2020-7525
31 Aug 2020 — Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. Se presenta una vulnerabilidad de Restricción Inapropiada de Intentos de Autenticación Excesivos en todas las versiones de hardware de spaceLYnk y Wiser para KNX (anteriormente homeLYnk) que podría permitir a un atacante adivinar una contraseña cuando es usado un ataque de fuerza ... • https://www.se.com/ww/en/download/document/SEVD-2020-224-02 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6832
https://notcve.org/view.php?id=CVE-2019-6832
17 Sep 2019 — A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. A CWE-287: Se presenta vulnerabilidad de Autenticación en spaceLYnk (todas las versiones anteriores a 2.4.0) y Wiser for KNX (todas las versiones anteriores a 2.4.0 - anteriormente conocido como homeLYnk), lo que podría causar la pérdida de control cuando un atacante ... • https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-7779
https://notcve.org/view.php?id=CVE-2018-7779
03 Jul 2018 — In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. En Schneider Electric Wiser para KNX V2.1.0 y anteriores, homeLYnk V2.0.1 y anteriores y spaceLYnk V2.1.0 y anteriores, el acceso FTP desprotegido y débil podría permitir que un atacante tenga acceso no autorizado. • https://www.schneider-electric.com/en/download/document/SEVD-2018-109-02 •