Vulnerabilities > CVE-2020-7525 - Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Spacelynk Firmware and Wiser FOR KNX Firmware

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

schneider-electric

CWE-307

NVD

Published: 2020-08-31

Updated: 2020-09-04

Summary

Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Spacelynk Firmware 2.4.0 Schneider Electric Wiser FOR KNX Firmware 2.4.0	2
Hardware	Schneider-Electric Schneider Electric Spacelynk - Schneider Electric Wiser FOR KNX -	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.se.com/ww/en/download/document/SEVD-2020-224-02/