Summary
| Detail | |||
|---|---|---|---|
| Vendor | Schneider-Electric | First view | 2018-07-03 |
| Product | Homelynk Firmware | Last view | 2021-05-26 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:o:schneider-electric:homelynk_firmware:2.0.1:*:*:*:*:*:*:* | 10 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2021-05-26 | CVE-2021-22740 | Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. |
| 5.9 | 2021-05-26 | CVE-2021-22739 | Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured. |
| 9.8 | 2021-05-26 | CVE-2021-22738 | Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. |
| 9.8 | 2021-05-26 | CVE-2021-22737 | Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. |
| 7.5 | 2021-05-26 | CVE-2021-22736 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded. |
| 7.2 | 2021-05-26 | CVE-2021-22735 | Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device. |
| 7.2 | 2021-05-26 | CVE-2021-22734 | Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code. |
| 7.8 | 2021-05-26 | CVE-2021-22733 | Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. |
| 7.8 | 2021-05-26 | CVE-2021-22732 | Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server. |
| 7.5 | 2018-07-03 | CVE-2018-7779 | In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (2) | CWE-347 | Improper Verification of Cryptographic Signature |
| 22% (2) | CWE-269 | Improper Privilege Management |
| 22% (2) | CWE-200 | Information Exposure |
| 11% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 11% (1) | CWE-307 | Improper Restriction of Excessive Authentication Attempts |
| 11% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
