Vulnerabilities > Schneider Electric > Wiser FOR KNX Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-22806 | Unspecified vulnerability in Schneider-Electric products A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. | 7.5 |
| 2022-02-09 | CVE-2022-22811 | Unspecified vulnerability in Schneider-Electric products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system?s configurations when an attacker persuades a user to visit a rogue website. | 8.1 |
| 2020-08-31 | CVE-2020-7525 | Unspecified vulnerability in Schneider-Electric Spacelynk Firmware and Wiser for KNX Firmware Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | 7.5 |
| 2019-09-17 | CVE-2019-6832 | Improper Authentication vulnerability in Schneider-Electric Spacelynk Firmware and Wiser for KNX Firmware A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. | 8.3 |
| 2018-07-03 | CVE-2018-7779 | Unspecified vulnerability in Schneider-Electric products In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. | 7.5 |