Authentication Flaw in spaceLYnk and Wiser for KNX Products by Schneider Electric
CVE-2019-6832

8.3HIGH

Key Information:

Vendor: Schneider Electric
Status: Spacelynk; Wiser For Knx
Vendor: CVE Published:; 17 September 2019

Summary

An authentication vulnerability in spaceLYnk and Wiser for KNX can allow an attacker to bypass authentication controls, leading to potential unauthorized access and loss of control over the affected systems. It is critical for users of these products to upgrade to versions 2.4.0 or later to mitigate this risk.

Affected Version(s)

spaceLYnk all versions before 2.4.0

Wiser for KNX all versions before 2.4.0 - formerly known as homeLYnk

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Jan 25, 2019