Schneider-Electric Wiser for KNX Firmware vulnerabilities
8 known vulnerabilities affecting schneider-electric/wiser_for_knx_firmware.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 2
Vulnerabilities
CVE-2021-22806 [HIGH] CVSS 7.5 | CWE-669 | ≤ 2.6.1 | 2022-02-11
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)
nvd
CVE-2022-22810 [CRITICAL] CVSS 9.8 | CWE-307 | ≤ 2.6.2 | 2022-02-09
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
nvd
CVE-2022-22811 [HIGH] CVSS 8.1 | CWE-352 | ≤ 2.6.2 | 2022-02-09
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.
nvd
CVE-2022-22809 [MEDIUM] CVSS 5.3 | CWE-306 | ≤ 2.6.2 | 2022-02-09
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and pr
nvd
CVE-2022-22812 [MEDIUM] CVSS 6.1 | CWE-79 | ≤ 2.6.2 | 2022-02-09
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.
nvd
CVE-2020-7525 [HIGH] CVSS 7.5 | CWE-307 | fixed in 2.5.1 | 2020-08-31
Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.
nvd
CVE-2019-6832 [HIGH] CVSS 8.3 | CWE-287 | fixed in 2.4.0 | 2019-09-17
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.
nvd
CVE-2018-7779 [HIGH] CVSS 7.5 | ≤ 2.1.0 | 2018-07-03
In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.
nvd