Improper Privilege Management in Wiser For KNX and spaceLYnk by Schneider Electric
CVE-2021-22733
7.8HIGH
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 26 May 2021
Summary
The vulnerability found in Wiser For KNX and spaceLYnk allows unauthorized code to be executed, potentially granting attackers shell access. This risk arises from improper privilege management within the system, which permits loading malicious scripts into the system folder. Users of these products are advised to implement security measures to mitigate this risk and ensure their systems are protected from exploitation.
Affected Version(s)
homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved