Improper Privilege Management in Wiser For KNX and spaceLYnk by Schneider Electric
CVE-2021-22733

7.8HIGH

Key Information:

Summary

The vulnerability found in Wiser For KNX and spaceLYnk allows unauthorized code to be executed, potentially granting attackers shell access. This risk arises from improper privilege management within the system, which permits loading malicious scripts into the system folder. Users of these products are advised to implement security measures to mitigate this risk and ensure their systems are protected from exploitation.

Affected Version(s)

homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.