This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Schneider-Electric First view 2018-07-03
Product Homelynk Firmware Last view 2021-05-26
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:schneider-electric:homelynk_firmware:2.0.1:*:*:*:*:*:*:* 10

Related : CVE

  Date Alert Description
6.5 2021-05-26 CVE-2021-22740

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded.

5.9 2021-05-26 CVE-2021-22739

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured.

9.8 2021-05-26 CVE-2021-22738

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack.

9.8 2021-05-26 CVE-2021-22737

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack.

7.5 2021-05-26 CVE-2021-22736

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded.

7.2 2021-05-26 CVE-2021-22735

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device.

7.2 2021-05-26 CVE-2021-22734

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code.

7.8 2021-05-26 CVE-2021-22733

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder.

7.8 2021-05-26 CVE-2021-22732

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server.

7.5 2018-07-03 CVE-2018-7779

In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.

CWE : Common Weakness Enumeration

%idName
22% (2) CWE-347 Improper Verification of Cryptographic Signature
22% (2) CWE-269 Improper Privilege Management
22% (2) CWE-200 Information Exposure
11% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
11% (1) CWE-307 Improper Restriction of Excessive Authentication Attempts
11% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...