Vulnerabilities > Schneider Electric > Spacelynk Firmware > 2.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2021-22806 | Incorrect Resource Transfer Between Spheres vulnerability in Schneider-Electric products A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. | 5.0 |
2022-02-09 | CVE-2022-22809 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. | 5.3 |
2022-02-09 | CVE-2022-22810 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. | 5.0 |
2022-02-09 | CVE-2022-22811 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. | 8.1 |
2022-02-09 | CVE-2022-22812 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. | 4.3 |
2021-05-26 | CVE-2021-22732 | Improper Privilege Management vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server. | 4.6 |
2021-05-26 | CVE-2021-22733 | Improper Privilege Management vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. | 4.6 |
2021-05-26 | CVE-2021-22734 | Improper Verification of Cryptographic Signature vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code. | 6.5 |
2021-05-26 | CVE-2021-22735 | Improper Verification of Cryptographic Signature vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device. | 6.5 |
2021-05-26 | CVE-2021-22736 | Path Traversal vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded. | 5.0 |