CVE-2020-7525

CWE-3073 documents3 sources

Severity

7.5HIGH

EPSS

1.0%

top 23.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Spacelynk Firmware Schneider-electric Wiser FOR KNX Firmware

Timeline

PublishedAug 31

Latest updateMay 24

Description

Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5all_hardware_versions_of_spacelynk_and_wiser_for_knx_(formerly_homelynk)All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk)

▶NVDschneider-electric/wiser< 2.5.1

▶NVDschneider-electric/spacelynk_firmware< 2.5.1

🔴Vulnerability Details

GHSA

GHSA-h2g8-f7wg-mhxh: Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeL↗2022-05-24

▶

CVEList

CVE-2020-7525: Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeL↗2020-08-31

▶